Black Hat hacker gains access to 4 million hotel rooms with Arduino microcontroller

This hack was demonstrated by Cody Brocious, a Mozilla software developer, at the Black Hat security conference in Las Vegas. At risk are four million hotel rooms secured by Onity programmable key card locks. According to Brocious, who should be scolded for not disclosing the hack to Onity before going public, there is no easy fix: There isn’t a firmware upgrade — if hotels want to secure their guests, every single lock will have to be changed.

The hack in its entirety is detailed on Brocious’s website, but in short: At the base of every Onity lock is a small barrel-type DC power socket (just like on your old-school Nokia phone). This socket is used to charge up the lock’s battery, and to program the lock with the hotel’s “sitecode” — a 32-bit key that identifies the hotel. By plugging an Arduino microcontroller into the DC socket, Brocious found that he could simply read this 32-bit key out of the lock’s memory. No authentication is required — and the key is stored in the same memory location on every Onity lock.
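The design flaw described above, modelled as an added example (not code from Brocious's paper or from Onity): a programming-port read handler that serves any address, beside one that refuses every range touching the key, with a regression check that counts leaking reads. The memory size, the `SITECODE_OFF` offset, the function names and the sample sitecode are all assumptions made for illustration, and the hardened handler only closes the read path; it does not add authentication to the port.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical memory map; the real layout is not given on this page. */
#define MEM_SIZE     256u
#define SITECODE_OFF 0x40u  /* assumed fixed offset, identical on every unit */
#define SITECODE_LEN 4u     /* 32-bit sitecode */

static uint8_t lock_mem[MEM_SIZE];
typedef int (*read_fn)(uint16_t addr, uint16_t len, uint8_t *out);

/* Fill the modelled memory and store a constructed sitecode (little-endian). */
void lock_init(uint32_t sitecode) {
    memset(lock_mem, 0xA5, sizeof lock_mem);
    for (unsigned i = 0; i < SITECODE_LEN; i++)
        lock_mem[SITECODE_OFF + i] = (uint8_t)(sitecode >> (8 * i));
}

/* Flawed handler: any in-range read is served to whoever is on the port. */
int port_read_open(uint16_t addr, uint16_t len, uint8_t *out) {
    if (len == 0 || addr >= MEM_SIZE || len > MEM_SIZE - addr) return -1;
    memcpy(out, &lock_mem[addr], len);
    return (int)len;
}

/* Hardened handler: same bounds check, then refuse any overlap with the key. */
int port_read_hardened(uint16_t addr, uint16_t len, uint8_t *out) {
    if (len == 0 || addr >= MEM_SIZE || len > MEM_SIZE - addr) return -1;
    uint32_t end = (uint32_t)addr + len;  /* exclusive end, cannot wrap */
    if (addr < SITECODE_OFF + SITECODE_LEN && end > SITECODE_OFF) return -2;
    memcpy(out, &lock_mem[addr], len);
    return (int)len;
}

/* Regression check: count reads of 1..8 bytes that return key bytes. */
int count_leaking_reads(read_fn rd) {
    uint8_t buf[8];
    int leaks = 0;
    for (uint16_t addr = 0; addr < MEM_SIZE; addr++)
        for (uint16_t len = 1; len <= sizeof buf; len++) {
            int overlaps = addr < SITECODE_OFF + SITECODE_LEN &&
                           (uint32_t)addr + len > SITECODE_OFF;
            if (overlaps && rd(addr, len, buf) > 0) leaks++;
        }
    return leaks;
}

int main(void) {
    lock_init(0xDEADBEEFu);  /* constructed sample value */
    printf("open: %d leaking reads\n", count_leaking_reads(port_read_open));
    printf("hardened: %d leaking reads\n", count_leaking_reads(port_read_hardened));
    return 0;
}
```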

The paper and slides from Cody’s presentation can be found on his I, Hacker website.

Via ExtremeTech.

10 Comments

  1. Guess this is the problem when you rush something to market and make it as cheap and as simple as possible.

    Here’s a crazy idea: remove the ability to read memory in a security-based device, especially the code to unlock it!

  2. Great! In addition to bedbugs, now we have to be on the lookout for C Everett Koop’s younger brother dropping in on us when we stay at a hotel.

  3. “hackers first exposed the problem… using more primitive gadgets”

    Laughed so hard when I heard it. So hiding basically the same hardware on a marker is way more hi-tech.
