Hacker finds flaw in hotel locks, can ruin your vacation with $50 DIY

[Detection]

Hacker finds flaw in hotel locks, can ruin your vacation with $50 DIY gadget

Admittedly, the headline is designed to get your dander up.

You're in no immediate danger of a technologically-gifted thief plugging a couple of wires into your hotel door and making off with your sack of souvenirs from the Mall of America.

But that's not to say it's impossible. Cody Brocious, who was recently brought on by Mozilla to work on Boot to Gecko, is giving a presentation at the annual Black Hat conference in Vegas where he demonstrates a method for cracking open keycard locks with a homemade $50 device.

The hack only works on locks made by Onity at the moment, and real life testing with a reporter from Forbes only succeeded in opening one of three hotel doors.

Still, with between four and five million Onity locks installed across the country (according to the company), that is a lot of vulnerable rooms. The attack is possible thanks to a DC jack on the underside of the lock that's used to reprogram the doors.

This provides direct access to the lock's memory, which is also home to the numeric key required to release the latch -- a key that is protected by what Brocious described as "weak encryption."

Ultimately the source code and design for the Arduino-based unlocker will be published online alongside a research paper explaining how these locks work and why they're inherently insecure.

The hope is that manufacturers will take notice and improve the security of their wares before the world's ne'er-do-wells perfect Brocious' technique.

Source

-------

Raspberry Pi anyone ? :p

[Argi]

The hope is that manufacturers will take notice and improve the security of their wares before the world's ne'er-do-wells perfect Brocious' technique.

The unfortunate thing is that this rarely happens after disclosure with a lot of these companies. :/

[perochan]

i like his tshirt.

[Hum]

Let's see him hack my Doberman ... :shiftyninja:

[Obi-Wan Kenobi]

one problem: In the southern US, there are these "safes" inside the rooms, that claim to charge you....well, big duh, all of the passwords are 0000...LMAO, so this is not news unless you are gullible or travel a lot.....if you DO, I feel bad for you. ;) (social hacking much?)

Oh, and LMAO at the "hacker" above...what, did he have a few days to figure this out? LOL!!!! C'mon.....this isn't a movie already....

[Detection]

I think I would be asking how to change the code if I found out my safes code was 0000

[sagum]

Let's see him hack my Doberman ... :shiftyninja:

Why would you have a doberman in your hotel room? :o

The hope is that manufacturers will take notice and improve the security of their wares before the world's ne'er-do-wells perfect Brocious' technique.

And this is why I love black hat hacking. They provide me with an edge over the criminals. I'll be sure to put my important documents, credit cards and expensive stuff in the hotel room's safe.. oh wait, no I wont as thats less secure then the room's door!

[Guest nicconics]

<quick, insert comment about fat greasy American taking over the world one hotel room at a time!>

[TEX4S]

truth in stereotypes - look @ that guy. That pic was the only time he left his grandmother's basement.

Guy has definately not been laid without the use of ether

[FloatingFatMan]

truth in stereotypes - look @ that guy. That pic was the only time he left his grandmother's basement.

Guy has definately not been laid without the use of ether

Jealousy is such an ugly emotion.

[TEX4S]

Jealousy is such an ugly emotion.

LOL - ssshhhh

Only known pic of me - the cameras keep breaking for some reason.

[Raa]

Lucky I always bolt the door! :laugh:

[xpablo]

Great! Just as I'm on Holidays for the next couple of weeks staying at various hotels and motels with these types of locks. :s

[srbeen]

Great! Just as I'm on Holidays for the next couple of weeks staying at various hotels and motels with these types of locks. :s

Good thing he came public about it then, who knows how many criminals have been exploiting this for years.... Guess this is why they have security cameras now too :p

[srbeen]

Lucky I always bolt the door! :laugh:

er, you stay in your hotel during your whole time travelling? I didn't know you could bolt from outside with a card.

[Growled Member]

Just shows the bad guys never quit. They are always looking for a new angle.