Thursday, July 26, 2012

$50 Hacking Device Opens Millions of Hotel Room Locks

If you're staying at a hotel, it might be a good idea to check the manufacturer of your door lock. A black hat hacker has unveiled a method that allows a fairly simple hardware gadget to unlock door locks manufactured by Onity.

Mozilla software developer Cody Brocious recently discovered two vulnerabilities within Onity's locks. Brocious was able to exploit said vulnerabilities with a device that cost him $50 to build. The schematics for the device are open source and available on the Web. Brocious will present his findings at the Black Hat Security Conference in Las Vegas on Tuesday night.

Onity tells PCWorld that it is aware of Brocious' work, but has declined to comment until it reviews additional information on the hack itself.
 
Chilling thought...

Framing hotel staff for murder
"Given the ability to read the complete memory of the lock, it is possible to gain access to the master key card codes. With these -- in combination with the sitecode for encryption -- it is possible to create master cards which will gain access to locks at the property.

Let's look at a hypothetical situation:
• An attacker uses the before-mentioned vulnerabilities to read the memory of the lock
• Attacker uses the site-code and master key card codes to generate one or more master cards
• Attacker uses a master card to enter a room
• Attacker murders the victim in the room
• Attacker escapes

During the course of investigation, it's quite possible that the criminal investigators may look at the audit report for the lock, to see who entered the door at what time. Upon doing so, they will see a specific member of the staff (as the key cards are uniquely identified in the ident field) using a master key card to gain access to the room near the time of death.

Such circumstantial evidence, placing a staff member in the room at the time of death, could be damning in a murder trial, and at least would make that staff member a prime suspect. While other factors (e.g. closed circuit cameras, eyewitnesses, etc.) could be used to support the staff member's case, there's no way we can know whether or not the audit report is false."

On the other hand... Brocious's work has just given hotel workers a "Get out of jail" card.