As I detailed in the presentation, there are two sides to this: raw memory access, and broken crypto.  Fixing the raw memory access is /fairly/ easy (requires flashing (if possible) or replacing locks, and an update to the portable programmer (swap the EPROM or whole unit)), but fixing the broken crypto requires a *lot* more work.  I have this suspicion that only the former will happen, not the latter.

Who says the 10 more guys didn’t already do just that?

It’s been an interesting journey; gotta find something new to take apart.

Whether or not you think this work is noble and/or just (I personally wouldn’t use either of those words for this), it’s definitely not industry sabotage.  I have nothing to personally gain from this; had I released this info two years ago, I certainly couldn’t have said the same.

Every bit of reversing I did was black box, though; sit on the wire and capture data, then start emulating one side or the other.  Much simpler in this case than pulling firmware and going down to the code level.

(Also, I can’t tell you how nice it is to see a technical question mixed in here.  So much more fun to answer than everything else.)

If someone wanted to gain entry to a hotel room, well, that’s easy in several other methods.

and i still think it’s a technically cunning crack to notably poor engineered security.  *i* wouldn’t have thought of trying that.

It’s possible the companies have improved the security at the same time, but I would be completely unsurprised if most of their security hinges on being a proprietary protocol. 

Also, he spent years on this, you should be appreciative of his time instead of calling him an asshole.

Why? Because their are 10 more guys that would have immediately sold this for illegal reasons and not gone public at all. The guys that go public are heros, not assholes.

An open source project finding security weaknesses is something I can understand and support. Please ignore all my other comments.

whereas, this way this (technically cunning) guy might actually help to protect your kit in your hotel.

There are easier vulnerabilities to exploit.

This is interesting, but not a significant security reduction as it stands… and I’m not convinced it can be turned into one. (He says, speaking as both programmer and locksmith.)

However, the study seems to be looking more into the fact that you can trick the device into thinking you’re using a master key, so this is still a possibilty.

Do you mean to say that with a lot of effort, highly technical and specialized equipment, and years of training in systems bypassing, an expert in computers and software can hack open an electronic, software based lock some of the time? 

Good on him for finding it, but the fear in the linked article is a little much.

Edit: after getting to the end of the linked article, it’s super hilarious:

Brocious says he stumbled upon the the flaws in Onity’s locks while working as the chief technology officer for a startup called Unified Platform Management Corporation, which sought to compete with bigger players in the hotel lock industry by creating a universal front end system for hotels that used common lock technologies. Brocious was hired to reverse engineer hotel locks, and Onity was his first target. The discovery of Onity’s security vulnerabilities was entirely unintentional, he says.

Priceless! So this is the “black hat”? A “mozilla dev and security researcher”, who is actually an employee of a company working to reverse engineer locks and find vulnerabilities in them so that his employer could use those vulnerabilities to push them out of the market. And his desire to publish all vulnerabilities online, INCLUDING the source code to his device, thus making his competitors’ locks vulnerable is somehow something noble and just?

This is hilarious industry sabotage, dressed up with the language of hackers. And a conspicuous neckbeard.