Tuesday, July 24, 2012
Black Hat: Hotel Locks
This year at the Black Hat convention, Mozilla software developer Cody Brocious demonstrated a homebrewed device made for $50 that unlocks hotel rooms. The schematics for the device are open source and available on the Web. The company's locks are found on between four and five million hotel room doors worldwide. Brocious' device plugs into the DC port that is found on the bottom of the outside portion of the lock.
"[It] looks like a standard DC power port you'd see on something like a router," Brocious says. The hack simulates a device used by hotel room operators to program locks to accept certain master keys. The hacking device reads the lock's memory, obtains the cryptographic key information, and then sends that information to the door lock, allowing the hacker to gain entry to the room.
Brocious explains that the key information is easily accessible and not protected, thus allowing his device to obtain it so easily.
Testing a standard Onity lock Brocious ordered online, he was able to easily bypass the card reader and trigger the opening mechanism every time. But on three Onity locks installed on real hotel doors he and Andy Greenberg (from Forbes Magazine) tested, only one of the three opened. The third door took a second try, with Brocious taking a break to tweak his software between tests. But he believes that with more experimentation and tweaking, someone could easily access a significant fraction of hotel rooms around the country without leaving a trace.
Subscribe to:
Post Comments (Atom)
Keyless entry locks also known as electronic door locks add an additional level of security for both homeowners and business owners.Keyless entry is the preferred and usual mode of dealing with door locks nowadays.
ReplyDeletedoor locks