Operations Planner
«  »
SMTWTFS
 1234
567891011
12131415161718
19202122232425
262728293031 

Videos Show Hackers Refining Hotel Lock Trick That Opens Millions Of Rooms

publication date: Jul 21, 2016
 | 
author/source: Andy Greenberg, Forbes Staff
Print

Videos Show Hackers Refining Hotel Lock Trick That Opens Millions Of Rooms

A still from a video of computer tinkerer Richard Kindel demonstrating his Onity lock-opening device at a Michigan Hilton.

When lock maker Onity first responded last month to news that a hacker’s exploit could open millions of its keycard locks installed on hotel room doors around the world, it downplayed the attack on its hardware as “unreliable, and complex to implement.” It seems the hacker community took that statement as a challenge.

 

http://www.youtube.com/

In videos posted on YouTube and images passed around online forums, curious hackers are already replicating, testing, and refining the techniques that 24-year old Mozilla software developer Cody Brocious demonstrated at the Black Hat security conference in July.

In his presentation, Brocious showed how he was able to build a small tool for less than $50 that can be inserted into the data port on the bottom of more than four million Onity locks around the world to open them in seconds. But at the time of his talk, a timing issue in Brocious’s device meant it only worked in some instances–When I visited three hotels with him to test the exploit, he was only able to open a door in one of the three.

That issue, Onity may be unhappy to discover, seems to have been ironed out. In videos floating around YouTube, hackers plug their own homemade versions of Brocious’s device into Onity locks and open them immediately.

Here’s one video demonstrating the trick:

 

http://www.youtube.com/watch?v=

And here’s another, with a Pink Panther soundtrack for added intrigue.

And a third:

 

That last video shows Richard Kindel, a 32-year-old call center employee and self-described “computer nerd and tinkerer” testing his implementation of Brocious’s hack at a Michigan Hilton. Kindel says that after he first heard of the exploit, he read Brocious’s online whitepaper and set about trying to create his own hotel door opener. “The parts list was super simple, so I went to Radio Shack and put it together,” he says. “I did it because I could.”

Kindel’s device didn’t open Onity’s locks on his first attempt. But he communicated with Brocious in an IRC chatroom Brocious created for hackers interested in his lock-hacking work. After a few tweaks, Kindel says he’s now able to reliably open the Hilton’s doors–he hasn’t tried other hotels yet.

 

Videos Show Hackers Refining Hotel Lock Trick That Opens Millions Of Rooms

Page 2 of 2

A $41 version of the Onity lock-opening device built by Mr_Q.

Another hacker in Brocious’s chatroom had even less trouble reproducing the trick. The recently graduated student in network security, who goes by the name Mr_Q, told me he built a $41 version of Brocious’s device (shown at left) that worked on the first try on five doors at a local hotel.

A version of the lock opener designed to look (at least from the back) like an iPhone.

Other visitors to Brocious’s chat forum say they’ve built models that fit into an aluminum wallet small enough to be hidden in a back pocket, or even in an iPhone case. (Shown below at left.)

In a statement earlier this month, Onity responded to Brocious’s hack with a plan to fix the security vulnerability he and these other hackers have demonstrated. But that fix, which it said would get underway by the end of the month, seems to give hotels two options: Either insert caps in the data ports that can only be removed by opening the locks’ cases (and which also prevent the use of the portable programming device for which the port was intended) or pay to have components in the lock replaced. Neither option seems likely to appeal to Onity’s customers, and Brocious has criticized the company’s response in his own lengthy statement.

Onity has now removed all details of its security patch from its website, and replaced them only with a number for customers to call and this short statement: “Onity places the highest priority on the safety and security its products provide. Working directly with our customers we have developed, and started to deploy improvements for our locks.”

With that cagey response from Onity, the hacker who calls himself Mr_Q says it’s important for researchers other than Brocious to prove in public that the hack works. But he also worries about what the technique’s spread could mean for hotel guests’ security. “I honestly think this information is a double edged sword,” he writes to me by instant message. “It forces the lock companies to look at the security of their digital locks but it also allows almost anyone to make one of these devices and start opening doors.”

Mr_Q argues Brocious should have worked with Onity to fix the locks’ vulnerabilities before publicizing his work. But now that the hack is out in the open, he says, it’s time for Onity to take responsibility for its defective products. “If Ford’s locking system was found to have a flaw like this do you think the customer should have to pay for replacement or a plastic cap/ band aid?” he asks. “Onity should take the responsibility of replacing the locks. Free of charge…Their response leaves a lot to be desired.”



Search the Site