Earlier this week, Cody Brocious (Daeken) gave a presentation at the Black Hat conference in Las Vegas showing how it was possible to hack and open hotel door locks (Onity HT lock systems), using an Arduino Mega 128 board, a 5.6 kOhm resistor and a DC barrel plug to physically mate with the lock (Total price: around $20). He explains that 4 million hotel rooms are fitted with this type of lock, which means you could potentially stay for free anywhere in the world. Obviously, you could also end-up in another type of room (including free food) for a longer period of time. That looks like a win-win situation to me 🙂
Coby also explains how you could use the sitecode to create your own key cards, and that it possible to hack those magnetic cards within 35 minutes with a single core CPU, or less than 1 minute using Amazon EC2 for less than 1 dollar.
In the last part of his presentation, he explains how to mitigate this weak security, and since the lock firmware cannot be upgraded, they would have to replace all 4 million locks and front desk equipment.
For further details, you can read his presentation and well as the paper which includes the Arduino sketch and a Python implementation of the card crypto.
Via: H-Online
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.