Saturday, October 6, 2012

Hacker opens locked hotel rooms with a magic marker


Share This article

In late July, security researcher Cody Brocious demonstrated how an Arduino microcontroller and a bit of programming could be used to open the doors on some four million hotel rooms. For Onity, the company that manufactured the electronic lock, it was bad news — but not too bad. While Brocious exposed just how stupid-easy it was to open Onity-secured doors, the equipment he used wasn’t exactly inconspicuous. The company downplayed his work as “unreliable and complex to implement.”

Bad move.

In the two months since news of the flaw went public, hackers have refined Brocious’ technique to improve the success rate and have succeeded in building an unlocker into a dry erase marker. In its original implementation, the code reader had a prominent wire running between the Arduino and the lock.
Original Arduino hack
Looks suspicious right? Now it’s down to this:
Dry erase marker
Here’s a video of the process for the doubtful:

Nothing comes out of the marker, the tip looks normal, and there’s no wire. Touch the tip of the marker to the door port, and voila, it unlocks.
Thus far, Onity’s response to the problem has been underwhelming. In August, the company announced that it would issue caps that a hotel could insert into every single data port in order to keep the attack from succeeding. These caps can only be removed by opening the lock case, and the company is also shipping Torx screws that can be used to secure the cases in lieu of standard Phillips heads. It’s also offering replacement locks that fix the issue, but only if customers are willing to pony up cash for the hardware.

This new announcement will ratchet up the pressure on the lock manufacturer to do the right thing and cover the parts (and the cost of replacing every single lock) itself because, by any reasonable standard, Brocious didn’t “hack” the locks at all. He built a digital parrot that could read an unencrypted code and transmit it back to the door. Refining the technology to fit into a marker is dangerous because it removes the visual cues that might otherwise tip off hotel staff or other travelers that something untoward is going on. People who would notice an individual inserting wires into a door won’t blink at a person standing in front of a room, fumbling with something, and then walking in.

About Dilips Techno Blog

A Daily Blog for Latest Reviews on Technology | Gadgets | Mobile | Laptop | Software and Hardware Reviews | Social Media | Games | Hacking and security | Tips and Tricks | Many more....

Dilips Techno Blog

Dilips Techno Blog