The next time you stay at a hotel with keycard locks on your room door — that is to say, nearly any hotel nowadays — beware: You may not be the only one who can get in. And we’re not talking about the cleaning staff.
This is the warning of 24-year-old Mozilla software developer and self-described hacker Cody Brocious, who recently showed Forbes’ Andy Greenberg just how vulnerable some 4 million of the keycard locks used in popular hotels are to hacker trickery.
Brocious, who will present his complete findings at the Black Hat security conference in Las Vegas on Thursday, found that keycard locks made by manufacturer Onity can sometimes be opened using a $50 homemade, open-source gadget that plugs into the DC port located at the bottom of the lock housing. Brocious’s hacking tool works because the DC power port allows access to the lock’s memory (the lock is controlled by a simple computer, after all), which contains a piece of code that tells the lock to open, explains Greenberg. Just plug in the device, and a few seconds later, “click,” and you’re in.
At least, that’s how it is supposed to work — in practice, it’s not that reliable. Greenberg says that of the three doors Brocious attempted to demonstrate the tool’s ability on, only one worked — after the second try.
Brocious discovered the vulnerability in Onity’s lock system by accident, he says, while working for a startup called Unified Platform Management Corporation (UPM), which was attempting to create a universal lock system for hotels. Brocious was tasked with reverse engineering Onity’s locks, and thus discovered the “open sesame” trick. UPM later sold the intellectual property to locksmith training school the Locksmith Institute for $20,000. In other words: The ability to open Onity locks is not new, nor is Brocious the only one who knows how to build the electronic lock pick device.
When Greenberg contacted Onity to ask about its locks’ vulnerability, the company said it had not heard of Brocious’s invention, and ” places the highest priority on the safety and security provided by its products and works every day to develop and supply the latest security technologies to the marketplace.”
Not exactly reassuring, to say the least. Perhaps now you’ll make good use of that deadbolt.
- Just say the magic word to unlock your Schlage smart lock
- It took them 15 years to hack a master key for 40,000 hotels. But they did it
- Electronic locks in over 40,000 hotels worldwide compromised, says security firm
- SimpliSafe and August Lock integrate smart locks with security systems
- You can now unlock your Yale smart lock with your voice via Alexa