[youtube=http://www.youtube.com/watch?v=QyN-8CeNSZg]
A trio of hackers have built a tool that appears to be an innocent dry erase marker, but when inserted into the port on the bottom of a common form of hotel room keycard lock triggers the lock’s open mechanism in a fraction of a second.
The security researchers who spend their days breaking into clients’ systems to find and fix security vulnerabilities often call themselves “penetration testers,†or “pentesters.†But one group of hotel lock hackers just gave the term “pentest†a very different meaning.
The inconspicuous lock hacking device is an adaption of one demonstrated at the Black Hat security conference in July by Cody Brocious, a hacker and software developer for Mozilla, who discovered and exploited a vulnerability in Onity locks, a cheap and popular hotel room lock that the company says are used on at least four million hotel rooms worldwide. Through the port on the bottom of the lock intended for a device that hotels can use to set master keys, Brocious found he was able to read the lock’s memory, including a decryption key stored on the locks that gave him access to their opening mechanism.
