Skip to main content

Your hotel room keycard lock is vulnerable to hackers

Onity HT24 lock
Image used with permission by copyright holder

The next time you stay at a hotel with keycard locks on your room door — that is to say, nearly any hotel nowadays — beware: You may not be the only one who can get in. And we’re not talking about the cleaning staff.

This is the warning of 24-year-old Mozilla software developer and self-described hacker Cody Brocious, who recently showed Forbes’ Andy Greenberg just how vulnerable some 4 million of the keycard locks used in popular hotels are to hacker trickery.

Brocious, who will present his complete findings at the Black Hat security conference in Las Vegas on Thursday, found that keycard locks made by manufacturer Onity can sometimes be opened using a $50 homemade, open-source gadget that plugs into the DC port located at the bottom of the lock housing. Brocious’s hacking tool works because the DC power port allows access to the lock’s memory (the lock is controlled by a simple computer, after all), which contains a piece of code that tells the lock to open, explains Greenberg. Just plug in the device, and a few seconds later, “click,” and you’re in.

At least, that’s how it is supposed to work — in practice, it’s not that reliable. Greenberg says that of the three doors Brocious attempted to demonstrate the tool’s ability on, only one worked — after the second try.

Brocious discovered the vulnerability in Onity’s lock system by accident, he says, while working for a startup called Unified Platform Management Corporation (UPM), which was attempting to create a universal lock system for hotels. Brocious was tasked with reverse engineering Onity’s locks, and thus discovered the “open sesame” trick. UPM later sold the intellectual property to locksmith training school the Locksmith Institute for $20,000. In other words: The ability to open Onity locks is not new, nor is Brocious the only one who knows how to build the electronic lock pick device.

When Greenberg contacted Onity to ask about its locks’ vulnerability, the company said it had not heard of Brocious’s invention, and ” places the highest priority on the safety and security provided by its products and works every day to develop and supply the latest security technologies to the marketplace.”

Not exactly reassuring, to say the least. Perhaps now you’ll make good use of that deadbolt.

Editors' Recommendations

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
This AI cloned my voice using just three minutes of audio
acapela group voice cloning ad

There's a scene in Mission Impossible 3 that you might recall. In it, our hero Ethan Hunt (Tom Cruise) tackles the movie's villain, holds him at gunpoint, and forces him to read a bizarre series of sentences aloud.

"The pleasure of Busby's company is what I most enjoy," he reluctantly reads. "He put a tack on Miss Yancy's chair, and she called him a horrible boy. At the end of the month, he was flinging two kittens across the width of the room ..."

Read more
Digital Trends’ Top Tech of CES 2023 Awards
Best of CES 2023 Awards Our Top Tech from the Show Feature

Let there be no doubt: CES isn’t just alive in 2023; it’s thriving. Take one glance at the taxi gridlock outside the Las Vegas Convention Center and it’s evident that two quiet COVID years didn’t kill the world’s desire for an overcrowded in-person tech extravaganza -- they just built up a ravenous demand.

From VR to AI, eVTOLs and QD-OLED, the acronyms were flying and fresh technologies populated every corner of the show floor, and even the parking lot. So naturally, we poked, prodded, and tried on everything we could. They weren’t all revolutionary. But they didn’t have to be. We’ve watched enough waves of “game-changing” technologies that never quite arrive to know that sometimes it’s the little tweaks that really count.

Read more
Digital Trends’ Tech For Change CES 2023 Awards
Digital Trends CES 2023 Tech For Change Award Winners Feature

CES is more than just a neon-drenched show-and-tell session for the world’s biggest tech manufacturers. More and more, it’s also a place where companies showcase innovations that could truly make the world a better place — and at CES 2023, this type of tech was on full display. We saw everything from accessibility-minded PS5 controllers to pedal-powered smart desks. But of all the amazing innovations on display this year, these three impressed us the most:

Samsung's Relumino Mode
Across the globe, roughly 300 million people suffer from moderate to severe vision loss, and generally speaking, most TVs don’t take that into account. So in an effort to make television more accessible and enjoyable for those millions of people suffering from impaired vision, Samsung is adding a new picture mode to many of its new TVs.
[CES 2023] Relumino Mode: Innovation for every need | Samsung
Relumino Mode, as it’s called, works by adding a bunch of different visual filters to the picture simultaneously. Outlines of people and objects on screen are highlighted, the contrast and brightness of the overall picture are cranked up, and extra sharpness is applied to everything. The resulting video would likely look strange to people with normal vision, but for folks with low vision, it should look clearer and closer to "normal" than it otherwise would.
Excitingly, since Relumino Mode is ultimately just a clever software trick, this technology could theoretically be pushed out via a software update and installed on millions of existing Samsung TVs -- not just new and recently purchased ones.

Read more