Hospitality Industry Security Risks: Electronic Hotel Room Locks Shown To Be Vulnerable To "Hardware Gadgets"

The system’s vulnerability arises, Brocious says, from the fact that every lock’s memory is entirely exposed to whatever device attempts to read it through that port. Though each lock has a cryptographic key that’s required to trigger its “open” mechanism, that string of data is also stored in the lock’s memory, like a spare key hidden under the welcome mat.

At the Black Hat security conference Tuesday evening, a Mozilla software developer and 24-year old security researcher named Cody Brocious plans to present a pair of vulnerabilities he’s discovered in hotel room locks from the manufacturer Onity, whose devices are installed on the doors of between four and five million hotel rooms around the world according to the company’s figures. Using an open-source hardware gadget Brocious built for less than $50, he can insert a plug into that DC port and sometimes, albeit unreliably, open the lock in a matter of seconds. “I plug it in, power it up, and the lock opens,” he says simply.

The ability to access the devices’ memory is just one of the two vulnerabilities Brocious says he found in Onity’s locks. He says the company also uses a weak encryption scheme that allows him to derive the “site code”–a unique numerical key for every facility–from two cards encoded one after another for the same room. By reading the encrypted data off of two cards and testing thousands of potential site codes against both cards until the decoded data displays a predictable interval between the two, he can find the site code and use it to create more card keys with a magnetizing device. But given that he can only create more cards for the same room as the two keys he’s been issued, that security flaw represents a fairly low risk compared with the ability to open any door arbitrarily.

For more:  http://www.forbes.com/sites/andygreenberg/2012/07/23/hacker-will-expose-potential-security-flaw-in-more-than-four-million-hotel-room-keycard-locks/

(Visited 154 times, 1 visits today)

6 Comments

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Technology

6 Responses to Hospitality Industry Security Risks: Electronic Hotel Room Locks Shown To Be Vulnerable To "Hardware Gadgets"

  1. This is more useful information about the hotel room electrical locks.so many people facing the problem in electrical locks…

  2. This is more useful information about the hotel room electrical locks.so many people facing the problem in electrical locks…

  3. Jesse

    Conventional burglary tools present far more of a hazard to guest than this techie with his amazing electronic machine. If the industry could teach the guest to deadbolt their doors they would be much more secure than they area at present.

    • Michael

      Jesse,

      Even if you through the deadbolt the lock would still open with this device. These locks are anti panic. This means that general master cards normally open both latch and deadbolt.

      Michael

  4. Jesse

    Conventional burglary tools present far more of a hazard to guest than this techie with his amazing electronic machine. If the industry could teach the guest to deadbolt their doors they would be much more secure than they area at present.

    • Michael

      Jesse,

      Even if you through the deadbolt the lock would still open with this device. These locks are anti panic. This means that general master cards normally open both latch and deadbolt.

      Michael