Login Papers Register

Need an account to vote? Register to attend at gsec.hitb.org/sg2018/
Deadline is 30th June 2018!

<< previous next >>

Ghost in the Locks: Owning Electronic Locks Without Leaving a Trace

Tomi Tuominen and Timo Hirvonen

2 vote(s)

A little over ten years ago, a friend of ours returned to his hotel room to find that his laptop was gone. The door to his room showed no signs of forced entry; there was no record that the electronic lock had been accessed while he was away; and there was certainly no evidence that this electronic lock, deployed on millions of doors in more than 150 countries worldwide, could have been hacked.

Sometimes hacking boils down to spending more time on something than anyone could reasonably expect. This talk is an ode to that cliché. It is the culmination of a decade-long quest to find out whether the most widely used electronic lock in the world can be bypassed without leaving a trace. And in this adventure, breaking into hotel rooms is only the beginning. But lucky for all of us, unlike most cases of theft from hotel rooms, this story has a happy ending.


Tomi Tuominen, Practice Leader, Cyber Security Services, F-Secure

Tomi is known as the “InfoSec Swiss Army Knife” because when it comes to defending computers, he’s done a little bit of everything. In his more than two decades in the industry, he has taken part in breakthrough research on Windows networking, physical accesss control systems and electronic voting.

As F-Secure’s Head of Technical Security Consulting, he specializes in protecting enterprises – often by breaking into them before anyone else can. The founder of the t2 infosec conference, Tomi has thrice been named one of the Top 100 IT Influencers in Finland.


Timo Hirvonen, Senior Consultant, Cyber Security Services, F-Secure

Timo has been with F-Secure since 2010. While working in Labs, Timo kept the good guys safe by studying the latest tricks the bad guys used. He spealized in exploit analysis. Timo joined Cyber Security Services in 2016, and nowadays he enjoys protecting the enterprises by working on various types of assessments, including incident response and red team excercises. Timo has presented at Black Hat USA 2014, Microsoft Digital Crimes Consortium 2014, CARO 2013, and Scandinavian Cybercrime Conference 2013, and T2 Infosec Conference.