Cody Brocious -- a Mozilla dev and security researcher -- presented a paper on a vulnerability in hotel-door locks last month at Black Hat. Many electronic hotel door-locks made by Onity have a small DC power-port that also supplies data beneath them. Brocious showed that if he plugs an Arduino into these locks, reads out the 24-bit number sitting there, and re-transmits it to them, some appreciable fraction of them (but not all of them) spring open.
Testing a standard Onity lock he ordered online, he’s able to easily bypass the card reader and trigger the opening mechanism every time. But on three Onity locks installed on real hotel doors he and I tested at well-known independent and franchise hotels in New York, results were much more mixed: Only one of the three opened, and even that one only worked on the second try, with Brocious taking a break to tweak his software between tests.
Even with an unreliable method, however, Brocious’s work–and his ability to open one out of the three doors we tested without a key–suggests real flaws in Onity’s security architecture. And Brocious says he plans to release all his research in a paper as well as source code through his website following his talk, potentially enabling others to perfect his methods.
Brocious’s exploit works by spoofing a portable programming device that hotel staff use to control a facility’s locks and set which master keys open which doors. The portable programmer, which plugs into the DC port under the locks, can also open any door, even providing power through that port to trigger the mechanism of a door lock in which the battery has run out.
Hacker Will Expose Potential Security Flaw In Four Million Hotel Room Keycard Locks
Justine Haupt made this handsome and completely functional rotary cellphone. Her design is open-source and you can even buy a case kit from her company, Sky’s Edge Robotics. You have to find and carefully modify your own rotary dial, though — they’re apparently no longer made — as well as a few other components. Why […]
Samsung claims to have developed an “Ultra Thin Glass” for its new Galaxy Z Flip foldable smartphone, signalling scratch resistance and durability beyond that of similar products. But tests conducted by Zack Nelson using a Mohs Hardness Testkit [Amazon] — a set of styluses made of different materials — show that it is no more […]
There is very little evidence that Ring reduces crime. Hundreds of police departments have signed agreements with Amazon-owned Ring to obtain access to the home surveillance camera footage. Interviews with many of them, in 8 different states, show little to no evidence that Ring actually deters criminal activity.
Two-thirds of American adults drink coffee every day. On average, they’re each drinking about three cups per day, which works out to nearly 400 million cups downed each and every day. We don’t have stats on what percentage of those cups are God awfully bad, but you have to assume with so many ways to […]
For those with a writing flair, the thought of building a career as a professional copywriter should probably have some appeal. Thankfully, it’s also an in-demand job skill with the average copywriter making a healthy $60,000 a year for their efforts. But even if you have a way with words, you still need the industry […]
While we all love our iPhones and iPads, celebrating the releases of their latest and greatest versions, it’s amusing to consider how much we at the same time HATE the main item that keeps these little tech marvels powered up and working. No, Lightning cables don’t exactly inspire feelings of awe and wonder. It’s more […]