$50 Hacking Device Opens Millions of Hotel Room Locks

A black hat hacker has discovered an easy, cheap method for opening hotel room door locks manufactured by Onity.

If you're staying at hotel, it might be a good idea to check the manufacturer of your door lock. A black hat hacker has unveiled a method that allows a fairly simple hardware gadget to unlock door locks manufactured by Onity.

Mozilla software developer Cody Brocious recently discovered two vulnerabilities within Onity's locks. Brocious was able to exploit said vulnerabilities with a device that cost him $50 to build. The schematics for the device are open source and available on the Web. Brocious will present his findings at the Black Hat Security Conference in Las Vegas on Tuesday night.

Onity tells PCWorld that it is aware of Brocious' work, but has declined to comment until it reviews additional information on the hack itself.

"Onity is prepared to address any potential issues posed by the presentation," a spokesperson said.

The company's locks are found on between four and five million hotel room doors worldwide. Brocious' device plugs into the DC port that is found on the bottom of the outside portion of the lock.

"[It] looks like a standard DC power port you'd see on something like a router," Brocious says. When the device is plugged in and powered up, it will, in theory, cause the door to unlock. The hack simulates a device used by hotel room operators to program locks to accept certain master keys. The hacking device reads the lock's memory, obtains the cryptographic key information, and then sends that information to the door lock, allowing the hacker to gain entry to the room.

Brocious explains that the key information is easily accessible and not protected, thus allowing his device to obtain it so easily.

That said, the hack doesn't work every time. In tests performed for Forbes Magazine, Brocious was only able to open one of three Onity-made locks at a hotel in New York City, and only after trying twice on the door that finally unlocked. The problem appears to be due to issues in the timing of how his device communicates with the lock.

Regardless, the issue is serious enough to cause worry for hotel room operators. Hotel room theft is already a problem they deal with on a regular basis: if a device like this gets in the wrong hands, thieves will become all the more effective.

For more tech news and commentary, follow Ed on Twitter at @edoswald, on Facebook, or on Google+.

Copyright © 2012 IDG Communications, Inc.

8 pitfalls that undermine security program success