by:
If you’re a hotel security professional, you may want to take a look at the research one hacker presented at last week’s Black Hat security conference in Las Vegas. If you’re anyone who stays in hotels, it will probably interest you as well.
Cody Brocious, a Mozilla software developer and security researcher, presented a paper at the conference on the vulnerabilities of the Onity HT lock system, which he claims is installed on about 10 million hotel guest room doors worldwide.
In the paper, Brocious claims the locks are “insecure by design” and exposes a number of what he calls “critical, unpatchable vulnerabilities.”
The security hole Brocious was able to exploit is the DC port that exists at the bottom of the locks, which with the right device and a simple piece of open-source software offers access to the lock’s memory. Brocious can plug his device, which he built for less than $50, into an Onity HT lock and, most of the time, gain access to the room, according to Forbes. Brocious claims it’s not 100 percent reliable at the moment, but it’s only a matter of time before he successfully tweaks his software to increase its success rate.
His paper is not an easy read, geared toward an audience of hackers, computer programmers and cryptographers. It even includes the software program that would allow such a device to pick the Onity HT locks. The Forbes article is much more accessible to the non-programmer reader.
Though he presented his research last week, Brocious’s hack is not news to everyone. According to Forbes, Brocious’s former employer, a startup that tried to re-engineer Onity’s hotel front desk system and develop a cheaper alternative, sold the intellectual property behind his hack to the Locksmith Institute last year for $20,000. “With how stupidly simple this is, it wouldn’t surprise me if a thousand other people have found this same vulnerability and sold it to other governments,” Brocious told Forbes. “An intern at the NSA could find this in five minutes.”
Next time I’m at a hotel I’ll be sure to run my fingers underneath the door lock and feel for a DC port.
In the paper, Brocious claims the locks are “insecure by design” and exposes a number of what he calls “critical, unpatchable vulnerabilities.”
The security hole Brocious was able to exploit is the DC port that exists at the bottom of the locks, which with the right device and a simple piece of open-source software offers access to the lock’s memory. Brocious can plug his device, which he built for less than $50, into an Onity HT lock and, most of the time, gain access to the room, according to Forbes. Brocious claims it’s not 100 percent reliable at the moment, but it’s only a matter of time before he successfully tweaks his software to increase its success rate.
His paper is not an easy read, geared toward an audience of hackers, computer programmers and cryptographers. It even includes the software program that would allow such a device to pick the Onity HT locks. The Forbes article is much more accessible to the non-programmer reader.
Though he presented his research last week, Brocious’s hack is not news to everyone. According to Forbes, Brocious’s former employer, a startup that tried to re-engineer Onity’s hotel front desk system and develop a cheaper alternative, sold the intellectual property behind his hack to the Locksmith Institute last year for $20,000. “With how stupidly simple this is, it wouldn’t surprise me if a thousand other people have found this same vulnerability and sold it to other governments,” Brocious told Forbes. “An intern at the NSA could find this in five minutes.”
Next time I’m at a hotel I’ll be sure to run my fingers underneath the door lock and feel for a DC port.
