At Black Hat 2012, hacker Cody Brocious recently demonstrated a method of opening hotel room key card locks manufactured by Onity (which claims to have more than 4 million locks installed at more than 22,000 properties in 115 countries).
“Brocious’s exploit works by spoofing a portable programming device that hotel staff use to control a facility’s locks and set which master keys open which doors,” writes Forbes’ Andy Greenberg. “The portable programmer, which plugs into the DC port under the locks, can also open any door, even providing power through that port to trigger the mechanism of a door lock in which the battery has run out. The system’s vulnerability arises, Brocious says, from the fact that every lock’s memory is entirely exposed to whatever device attempts to read it through that port. Though each lock has a cryptographic key that’s required to trigger its ‘open’ mechanism, that string of data is also stored in the lock’s memory, like a spare key hidden under the welcome mat.”
“Brocious discovered the vulnerability in Onity’s lock system by accident, he says, while working for a startup called Unified Platform Management Corporation (UPM), which was attempting to create a universal lock system for hotels,” writes Digital Trends’ Andrew Couts. “Brocious was tasked with reverse engineering Onity’s locks, and thus discovered the ‘open sesame’ trick. UPM later sold the intellectual property to locksmith training school the Locksmith Institute for $20,000. In other words: The ability to open Onity locks is not new, nor is Brocious the only one who knows how to build the electronic lock pick device.”
“As for how Onity justifies such a stupendously disgusting lack of security, who knows,” writes ExtremeTech’s Sebastian Anthony. “Generally, as far as managerial types go, securing a system seems like a frivolous expense — until someone hacks you. In non-high-tech circles, hacks like this are par for the course — usually, a company doesn’t hire a security specialist until after its first high-profile hack. For a company that is tasked with securing millions of humans every night, though, it would’ve been nice if Onity had shown slightly more foresight.”