Bad move.
In the two months since news of the flaw went public, hackers have refined Brocious’ technique to improve the success rate and have succeeded in building an unlocker into a dry erase marker. In its original implementation, the code reader had a prominent wire running between the Arduino and the lock.
Looks suspicious, right? Now it’s down to this:
Here’s a video of the process for the doubtful:
Nothing comes out of the marker, the tip looks normal, and there’s no wire. Touch the tip of the marker to the door port, and voila, it unlocks.
Thus far, Onity’s response to the problem has been underwhelming. In August, the company announced that it would issue caps that a hotel could insert into every single data port in order to keep the attack from succeeding. These caps can only be removed by opening the lock case, and the company is also shipping Torx screws that can be used to secure the cases in lieu of standard Phillips heads. It’s also offering replacement locks that fix the issue, but only if customers are willing to pony up cash for the hardware.
This new announcement will ratchet up the pressure on the lock manufacturer to do the right thing and cover the parts (and the cost of replacing every single lock) itself because, by any reasonable standard, Brocious didn’t “hack” the locks at all. He built a digital parrot that could read an unencrypted code and transmit it back to the door. Refining the technology to fit into a marker is dangerous because it removes the visual cues that might otherwise tip off hotel staff or other travelers that something untoward is going on. People who would notice an individual inserting wires into a door won’t blink at a person standing in front of a room, fumbling with something, and then walking in.