Your hotel room keycard lock is vulnerable to hackers

Onity HT24 lock

The next time you stay at a hotel with keycard locks on your room door — that is to say, nearly any hotel nowadays — beware: You may not be the only one who can get in. And we’re not talking about the cleaning staff.

This is the warning of 24-year-old Mozilla software developer and self-described hacker Cody Brocious, who recently showed Forbes’ Andy Greenberg just how vulnerable some 4 million of the keycard locks used in popular hotels are to hacker trickery.

Brocious, who will present his complete findings at the Black Hat security conference in Las Vegas on Thursday, found that keycard locks made by manufacturer Onity can sometimes be opened using a $50 homemade, open-source gadget that plugs into the DC port located at the bottom of the lock housing. Brocious’s hacking tool works because the DC power port allows access to the lock’s memory (the lock is controlled by a simple computer, after all), which contains a piece of code that tells the lock to open, explains Greenberg. Just plug in the device, and a few seconds later, “click,” and you’re in.

At least, that’s how it is supposed to work — in practice, it’s not that reliable. Greenberg says that of the three doors Brocious attempted to demonstrate the tool’s ability on, only one worked — after the second try.

Brocious discovered the vulnerability in Onity’s lock system by accident, he says, while working for a startup called Unified Platform Management Corporation (UPM), which was attempting to create a universal lock system for hotels. Brocious was tasked with reverse engineering Onity’s locks, and thus discovered the “open sesame” trick. UPM later sold the intellectual property to locksmith training school the Locksmith Institute for $20,000. In other words: The ability to open Onity locks is not new, nor is Brocious the only one who knows how to build the electronic lock pick device.

When Greenberg contacted Onity to ask about its locks’ vulnerability, the company said it had not heard of Brocious’s invention, and ” places the highest priority on the safety and security provided by its products and works every day to develop and supply the latest security technologies to the marketplace.”

Not exactly reassuring, to say the least. Perhaps now you’ll make good use of that deadbolt.

Product Review

Kwikset Kevo Convert Review: A simple route to a smart lock

While it lacks the features and overall value of the August Smart Lock, Kwikset’s Kevo Convert offers a simple and friendly route to upgrade your front door’s deadbolt. Learn more in our full review.
Smart Home

After camera hacks, Nest locks customers out until they change their password

Nest is locking people out of their accounts if it believes there may have been a breach. Users will have to set up a new, secure password before they are able to regain access to their account.

A beginner’s guide to Far Cry New Dawn’s postapocalyptic Hope County

Far Cry New Dawn is yet another entry in Ubisoft's popular open world shooter franchise. But while it may feel quite similar in motion, the progression system is changed in a lot of ways. Our beginner's guide is here to help.
Product Review

Get crafty as you scavenge your way through Far Cry New Dawn's wasteland

Far Cry New Dawn is more of an extension of Far Cry 5 than a full blown sequel. Its focus on crafting and building up the world makes it a great open world shooter and an overall rewarding experience.
Smart Home

No strings attached: This levitating lamp uses science to defy gravity

Now on Kickstarter, the Levia lamp is a cool industrial-looking lamp which boasts a levitating bulb. Looking for a table light that will dazzle visitors? You've come to the right place.
Emerging Tech

The Great White Shark’s genome has been decoded, and it could help us end cancer

In a significant step for marine and genetic science, researchers have decoded the genome of the great white shark. The genetic code revealed a wealth of insight into what makes these creatures so successful from an evolutionary standpoint.
Emerging Tech

‘Guerrilla rainstorm’ warning system aims to prevent soakings, or worse

Japanese researchers have created a "guerrilla rainstorm" early-warning system aimed at preventing severe soakings, or worse. The team hopes to launch the system before the 2020 Tokyo Olympics.

Barbie’s Corvette ain’t got nothing on Sphero’s fully programmable robot car

Sphero is known for devices like the Sphero Bolt and BB-8 Star Wars toy, but now the company is back with another addition to its lineup -- the Sphero RVR. The RVR is a fully programmable robot car that can be expanding with different…
Emerging Tech

Japanese spacecraft will collect a sample from asteroid Ryugu by shooting at it

The Japanese spacecraft Hayabusa 2 will soon touch down on the asteroid Ryugu, where it will collect a sample by shooting a bullet into the soil. The sample will be returned to Earth in 2020 to learn about the formation of asteroids.
Emerging Tech

Hong Kong’s vision for a smart prison is a full-blown Orwellian nightmare

Hong Kong wants to bring prisons up to date by introducing new location-tracking wristbands for inmates, and a robot arm whose job is to comb through poop on the lookout for contraband.
Emerging Tech

No faking! Doctors can now objectively measure how much pain you’re in

Researchers at Indiana University School of Medicine have discovered the blood biomarkers that can objectively reveal just how much pain a patient is in. Here's why that's so important.
Emerging Tech

SeaBubbles’ new electric hydrofoil boat is the aquatic equivalent of a Tesla

What do you get if you combine a Tesla, a flying car, and a sleek boat? Probably something a bit like SeaBubbles, the French "flying" boat startup which offers a fresh spin on the hydrofoil.
Emerging Tech

We tried a $500 electronic dab rig, and now we can’t go back to normal vaporizers

Induction heating is the future of cannabis vaporizers. Loto Labs wowed us with what likely is the best concentrate vaporizer on the market today. With a $500 price tag, it's expensive, but it should definitely be your next dab rig.
Emerging Tech

Israel will launch world’s first privately funded moon mission tomorrow

This week will see the world's first privately funded lunar mission launch. Israel's first mission to the moon will be launched aboard SpaceX's Falcon 9 rocket on Thursday, February 21.