We’re sure that you guys have seen movies where hackers have attempted to break into rooms which use security cards by attaching some sort of gizmo to bypass the lock. If you thought that was merely Hollywood’s figment of imagination, think again as 24-year old security research, Cody Brocious, demonstrated at a Black Hat security conference just how real this is, and how easily 4 million hotel room keycard locks could be breached by his solution.
At the moment this seems limited to Onity branded locks, which comes with a DC power jack underneath it which is meant for reprogramming of the lock. Unfortunately it is the same power jack that led to its security flaw. Stored within the memory of the lock is a numeric key that unlocks the door. By using an open-sourced hardware gadget that Brocious put together for $50, he is able to obtain that numeric code simply by plugging into the DC power jack and open the lock in a matter of seconds.
While between 4 to 5 million hotel room keycard locks could be potentially breached, Brocious’ efforts gave mixed results when put in a real-life situation, causing only one out of three locks to open (his test on an Onity lock ordered online was successful everytime). Regardless this does expose some glaring vulnerabilities of hotel door locks and is something that hotels should be taking a look at, especially since valuables such as passports, cash, computers, and jewelry are sometimes kept in hotel rooms. Brocious is also expected to release the schematics to the device and the source code on his blog as well.
Filed in Hacking.
. Read more about