Hacker exposes serious security flaw in millions of hotel key card locks
Mozilla software developer and security researcher Cody Brocious was able to bypass key card locks made by Onity, a security company that sells such products to hotels and other businesses, and which has an estimated five million of them in use today.
The hack was done using a gadget built for less than $50 dollars and powered by open-sourced Arduino, for the necessary programming.
According to Brocious, every lock's memory could be directly accessed through a built-in serial port. This essentially allows their cryptographic key to be copied out and used to open a door within a fraction of a second. Brocious said the 32 bit encryption used by the typical key cards in the Onity system is also easy to decrypt. "The system is broken at every layer," said Brocious, who noted that there is no easy way to update the firmware.
Although Brocious was only able to open only one out of three locks in a real-world demonstration for Forbes, the fact that it could even be done suggests the presence of real, exploitable flaws in Onity's security products.
Brocious apparently did not approach Onity about the flaw ahead of his talk, which is sure to spark some controversy among other security researchers. The reason he did not, he told Forbes, was because he sees "no path to mitigate this from Onity's side." According to Brocious, "the best way to help hotels at this point is educate them about this, not to go through Onity and delay getting the information out longer."