Establishing Digital Trust: Don't Sacrifice Security for Convenience
Following Cody Brocious' demonstration of a security flaw in Onity hotel room locks, Trustwave SpiderLabs researcher Matt Jakubowski recently provided instructions on how to fit all the equipment required inside a dry erase marker.
"While Brocious exposed just how stupid-easy it was to open Onity-secured doors, the equipment he used wasn’t exactly inconspicuous," writes ExtremeTech's Joel Hruska. "The company downplayed his work as 'unreliable and complex to implement.' Bad move."
"Brocious' original proof, which inspired many copycats, was a clunky, conspicuous device that would have drawn the suspicions of anyone wandering down a hotel hall," writes TechNewsDaily's Ben Weitzenkorn. "But now that it can be fit into something as benign as a marker, the quick hack could be performed with discreet ease."
"They’d originally wanted to use a pen, because 'penetration testers' is often shortened to 'pentesters,' but they eventually made the call that they were just too small," writes Geekosystem's Rollin Bishop. "Even so, a dry erase marker isn’t suspicious in and of itself, so anyone caught with one isn’t going to be immediately suspected of breaking and entering."
"Jakubowski says he hopes that the latest update to the Onity-hacking tool will make it clearer than ever that hotels and companies like Onity need to do more to secure their locks," writes Forbes' Andy Greenberg. "'When you see a pen doing this it ought to open customers' eyes a little more,' he says. 'If you make customers more aware that this is out there, I hope that will put pressure on hotel lock makers to make sure their locks are secure.'"
"We’ll just hope the next time we see someone wandering hotel hallways with a Dry Erase marker in hand that there’s some kind of White Board Enthusiast convention in town," writes Betabeat's Steve Huff.