We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,108 News Articles

$50 Hacking Device Opens Millions of Hotel Room Locks

A black hat hacker has discovered an easy, cheap method for opening hotel room door locks manufactured by Onity.

If you're staying at hotel, it might be a good idea to check the manufacturer of your door lock. A black hat hacker has unveiled a method that allows a fairly simple hardware gadget to unlock door locks manufactured by Onity.

Mozilla software developer Cody Brocious recently discovered two vulnerabilities within Onity's locks. Brocious was able to exploit said vulnerabilities with a device that cost him $50 to build. The schematics for the device are open source and available on the Web. Brocious will present his findings at the Black Hat Security Conference in Las Vegas on Tuesday night.

Onity tells PCWorld that it is aware of Brocious' work, but has declined to comment until it reviews additional information on the hack itself.

"Onity is prepared to address any potential issues posed by the presentation," a spokesperson said.

The company's locks are found on between four and five million hotel room doors worldwide. Brocious' device plugs into the DC port that is found on the bottom of the outside portion of the lock.

"[It] looks like a standard DC power port you'd see on something like a router," Brocious says. When the device is plugged in and powered up, it will, in theory, cause the door to unlock. The hack simulates a device used by hotel room operators to program locks to accept certain master keys. The hacking device reads the lock's memory, obtains the cryptographic key information, and then sends that information to the door lock, allowing the hacker to gain entry to the room.

Brocious explains that the key information is easily accessible and not protected, thus allowing his device to obtain it so easily.

That said, the hack doesn't work every time. In tests performed for Forbes Magazine, Brocious was only able to open one of three Onity-made locks at a hotel in New York City, and only after trying twice on the door that finally unlocked. The problem appears to be due to issues in the timing of how his device communicates with the lock.

Regardless, the issue is serious enough to cause worry for hotel room operators. Hotel room theft is already a problem they deal with on a regular basis: if a device like this gets in the wrong hands, thieves will become all the more effective.

For more tech news and commentary, follow Ed on Twitter at @edoswald, on Facebook, or on Google+.


IDG UK Sites

Windows 9 release date, price, features: Microsoft teases new OS ahead of 30 September unveiling

IDG UK Sites

From the iPhone 6 to the iWatch and a new Apple TV we look at the products Apple is set to launch...

IDG UK Sites

September 2014 creative trends: 5 things you must see

IDG UK Sites

What to expect from Apple in autumn/winter 2014: iPhone 6, iPhone Air, iWatch, iPad 6, new Apple...