Locks used in more than 4 million hotel rooms can be defeated with some inexpensive hardware and some software, a security researcher demonstrates for Forbes.
You may not be as safe in your locked hotel room as you think.
Keycard door locks from Onity -- used in more than 4 million hotel rooms
around the world -- are susceptible to vulnerabilities that could lead
to a security bypass, according to Cody Brocious, a 24-year-old Mozilla
developer and security researcher. Brocious, who is expected to present
his findings at the Black Hat security conference tomorrow, showed Forbes how he is able to open hotel doors with a gadget he built with materials costing less than $50.
Brocious' device spoofs a portable programming device used to control
door locks, Forbes explains. In a demonstration, Brocious shows how a
plug inserted into a DC port on the underside of the lock could spring
the hotel door lock.
"I plug it in, power it up, and the lock opens," he said.
However, the technique did not always work on locks installed on real
hotel room doors. In fact, it only worked once and only after Brocious
reprogrammed the device -- an unreliability he attributed to timing
issues with how the device communicates with the lock.
The vulnerability occurs because the exposed port allows any device to
read the lock's memory, where a string of data is stored that will
trigger its "open" mechanism. He also said that his former employer
reverse-engineered Onity's front desk system and sold it to a locksmith
training company last year for $20,000.
"With how stupidly simple this is, it wouldn't surprise me if a thousand
other people have found this same vulnerability and sold it to other
governments," Brocious said. "An intern at the NSA could find this in