1. 09:52 25th Jul 2012

    Notes: 8

    Tags: TechTechnologyHackingHackersSecurityTravelHardwareSoftwareArduinoDIY

    image: Download

    Four Million Hotel Key-Card Locks Can Be Cracked in 1/4 Second With an Arduino At risk are four million hotel rooms secured by Onity programmable key card locks. According to Brocious, who should be scolded for not disclosing the hack to Onity before going public, there is no easy fix: There isn’t a firmware upgrade — if hotels want to secure their guests, every single lock will have to be changed. …At the base of every Onity lock is a small barrel-type DC power socket (just like on your old-school Nokia phone). This socket is used to charge up the lock’s battery, and to program the lock with a the hotel’s “sitecode” — a 32-bit key that identifies the hotel. By plugging an Arduino microcontroller into the DC socket, Brocious found that he could simply read this 32-bit key out of the lock’s memory. No authentication is required — and the key is stored in the same memory location on every Onity lock. …By playing this 32-bit code back to the lock… it opens. According to Brocious, it takes just 200 milliseconds to read the sitecode and open the lock. “I plug it in, power it up, and the lock opens,” Brocious says. His current implementation doesn’t work with every lock, and he doesn’t intend to take his work any further, but his slides and research paper make it very clear that Onity locks, rather ironically, lack even the most basic security… “With how stupidly simple this is, it wouldn’t surprise me if a thousand other people have found this same vulnerability and sold it to other governments,” says Brocious, in an interview with Forbes. “An intern at the NSA could find this in five minutes.” (via Black Hat hacker gains access to 4 million hotel rooms with Arduino microcontroller | ExtremeTech)

    Four Million Hotel Key-Card Locks Can Be Cracked in 1/4 Second With an Arduino

    At risk are four million hotel rooms secured by Onity programmable key card locks.

    According to Brocious, who should be scolded for not disclosing the hack to Onity before going public, there is no easy fix: There isn’t a firmware upgrade — if hotels want to secure their guests, every single lock will have to be changed.

    …At the base of every Onity lock is a small barrel-type DC power socket (just like on your old-school Nokia phone). This socket is used to charge up the lock’s battery, and to program the lock with a the hotel’s “sitecode” — a 32-bit key that identifies the hotel.

    By plugging an Arduino microcontroller into the DC socket, Brocious found that he could simply read this 32-bit key out of the lock’s memory. No authentication is required — and the key is stored in the same memory location on every Onity lock.

    …By playing this 32-bit code back to the lock… it opens. According to Brocious, it takes just 200 milliseconds to read the sitecode and open the lock. “I plug it in, power it up, and the lock opens,” Brocious says.

    His current implementation doesn’t work with every lock, and he doesn’t intend to take his work any further, but his slides and research paper make it very clear that Onity locks, rather ironically, lack even the most basic security…

    “With how stupidly simple this is, it wouldn’t surprise me if a thousand other people have found this same vulnerability and sold it to other governments,” says Brocious, in an interview with Forbes. “An intern at the NSA could find this in five minutes.”

    (via Black Hat hacker gains access to 4 million hotel rooms with Arduino microcontroller | ExtremeTech)

     
    1. cardsharper reblogged this from consultingcocktease
    2. consultingcocktease reblogged this from joshbyard
    3. noctowl89 reblogged this from joshbyard
    4. mylifethroughthewindow reblogged this from joshbyard
    5. joshbyard posted this