We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

$50 Hacking Device Opens Millions of Hotel Room Locks

A black hat hacker has discovered an easy, cheap method for opening hotel room door locks manufactured by Onity.

If you're staying at hotel, it might be a good idea to check the manufacturer of your door lock. A black hat hacker has unveiled a method that allows a fairly simple hardware gadget to unlock door locks manufactured by Onity.

Mozilla software developer Cody Brocious recently discovered two vulnerabilities within Onity's locks. Brocious was able to exploit said vulnerabilities with a device that cost him $50 to build. The schematics for the device are open source and available on the Web. Brocious will present his findings at the Black Hat Security Conference in Las Vegas on Tuesday night.

Onity tells PCWorld that it is aware of Brocious' work, but has declined to comment until it reviews additional information on the hack itself.

"Onity is prepared to address any potential issues posed by the presentation," a spokesperson said.

The company's locks are found on between four and five million hotel room doors worldwide. Brocious' device plugs into the DC port that is found on the bottom of the outside portion of the lock.

"[It] looks like a standard DC power port you'd see on something like a router," Brocious says. When the device is plugged in and powered up, it will, in theory, cause the door to unlock. The hack simulates a device used by hotel room operators to program locks to accept certain master keys. The hacking device reads the lock's memory, obtains the cryptographic key information, and then sends that information to the door lock, allowing the hacker to gain entry to the room.

Brocious explains that the key information is easily accessible and not protected, thus allowing his device to obtain it so easily.

That said, the hack doesn't work every time. In tests performed for Forbes Magazine, Brocious was only able to open one of three Onity-made locks at a hotel in New York City, and only after trying twice on the door that finally unlocked. The problem appears to be due to issues in the timing of how his device communicates with the lock.

Regardless, the issue is serious enough to cause worry for hotel room operators. Hotel room theft is already a problem they deal with on a regular basis: if a device like this gets in the wrong hands, thieves will become all the more effective.

For more tech news and commentary, follow Ed on Twitter at @edoswald, on Facebook, or on Google+.

IDG UK Sites

Acer Aspire R11 review: Hands-on with the 360 laptop and tablet convertible

IDG UK Sites

Apple Watch release day: Twitter reacts

IDG UK Sites

See how Framestore created a shape-shifting, oil and metal based creature for Shell

IDG UK Sites

Apple Watch buying guide, price list & where to buy today: Which Apple Watch model, size, material,?......