It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Black Hat hacker gains access to 4 million hotel rooms

page: 1
5

log in

join
share:

posted on Jul, 28 2012 @ 03:52 AM
link   


Bad news: With less than $50 of off-the-shelf hardware and a little bit of programming, it’s possible for a hacker to gain instant, untraceable access to millions of key card-protected hotel rooms.

This hack was demonstrated by Cody Brocious, a Mozilla software developer, at the Black Hat security conference in Las Vegas. At risk are four million hotel rooms secured by Onity programmable key card locks. According to Brocious, who should be scolded for not disclosing the hack to Onity before going public, there is no easy fix: There isn’t a firmware upgrade — if hotels want to secure their guests, every single lock will have to be changed.

I wish I could say that Brocious spent months on this hack, painstakingly reverse-engineering the Onity lock protocol, but the truth is far more depressing. “With how stupidly simple this is, it wouldn’t surprise me if a thousand other people have found this same vulnerability and sold it to other governments,” says Brocious, in an interview with Forbes. “An intern at the NSA could find this in five minutes.”

Black Hat hacker gains access to 4 million hotel rooms with Arduino microcontroller

It seems to me like almost every important piece of technology is eventually revealed to have some sort of obvious back door which would allow instant untraceable cracking of said technology. I've seen it happen time and time again. These are the sort of sneaky tricks hidden up the sleeve of intelligence agencies so they can gain access to certain places without people suspecting they were there. I cannot believe how stupid the lock design actually was... his device simply needs to be plugged into the locks DC socket and it reads the unencrypted code straight from an unprotected memory bank and then sends the code back to the lock and the door unlocks. Once the device is connected the whole process takes under 200 milliseconds.
edit on 28/7/2012 by ChaoticOrder because: (no reason given)




posted on Jul, 28 2012 @ 04:03 AM
link   
reply to post by ChaoticOrder
 


I'm surprised this is just making news now. Exploiting/copying key cards and mag strip cards has been around for a long time, over a decade.

I've known many acquaintances that have duped janitorial master key cards to hotels and use them for free access to the swimming pool and gym facilities.

How is this just making news now?



posted on Jul, 28 2012 @ 04:07 AM
link   
reply to post by Druscilla
 



I'm surprised this is just making news now. Exploiting/copying key cards and mag strip cards has been around for a long time, over a decade.
Try reading the article. This has nothing to do with exploiting key cards and mag strip cards. It's a direct hack of the actual electronic locking mechanism. You don't need to copy anyone's card. You just plug the device into the DC charging jack and the hotel door will open instantly. As the article says, over 4 million hotel rooms use this locking mechanism. At any time anyone with this device (which is cheap to build) could gain access to any of these rooms.



posted on Jul, 28 2012 @ 04:16 AM
link   
reply to post by ChaoticOrder
 


Aha. My mistake. Thank you for the correction.

This is indeed interesting in that it cuts out the step of gaining access to a master key card (if only temporarily) to swipe for duplication.
It cuts out the middle man and allows for direct access.

Thank you.



posted on Jul, 28 2012 @ 04:46 AM
link   
That is going to cost an awful lot of money to fix, i remember the better quality electronic room locks were £650 each, and the cards cost on average £15 quid to produce and administrate per user. these were appropriated by Leicester city council when they built a custom built Homeless Hostel/Nightshelter in 2006.
They were battery operated though, no charging point so i guess they are safe.
They imported them from spain, and if anything goes wrong they have to wait 3-6weeks for replacements.
(Not very well thought out).

Do you think it is possible for the Hotel companies to request replacement under warranty, has this security flaw now been shown to prove them not fit for purpose?.



posted on Jul, 28 2012 @ 04:58 AM
link   
Did they seriously not design it so this port is on the inside of the room?



posted on Jul, 28 2012 @ 05:00 AM
link   
reply to post by The X
 


It's possible the locks are still under warranty but I some how doubt it. But if they are I would assume an event like this is something they are covered for.



posted on Jul, 28 2012 @ 05:03 AM
link   

Originally posted by NuclearPaul
Did they seriously not design it so this port is on the inside of the room?

It seems that way. I would assume they did it like that because when the locks decide to play games it's easier to debug them and get them fixed. If the port was on the inside and someone were to get stuck inside a room they wouldn't have a way to interact with the lock and send it commands, which could result in very undesirable scenarios.
edit on 28/7/2012 by ChaoticOrder because: (no reason given)



posted on Jul, 28 2012 @ 06:25 AM
link   
This is pretty funny... But couldn't they solve this pretty easily? Just place a box or cover over the lock, leaving a slot for the key card obviously... They could screw it in with a special screwhead, use lots of screws and problem solved (to a degree)... Yes someone could still get hold of the special screwdriver and sit there taking all the screws out etc. But it would be a big deterrent in my opinion. Who is going to want to sit there taking out all the screws? Then putting them all back so as to not be detected?

It would certainly be better than the situation now. And at least if something did go wrong an engineer could access the charging port.

It would cost but not as much as replacing all the locks surely?
edit on 28-7-2012 by mee30 because: (no reason given)



posted on Jul, 28 2012 @ 12:07 PM
link   
This is kind of neat. I'm giving this a try right now.
I'm using a PIC microcontroller ($1.50) and hand soldering it though so it fits inside of a pen.




Arduino is for kids.


It would be pretty easy to add an internal hardware fix for this. It will be neat to see what the hotel managers say when I show this to them. Could make a decent buck providing the fix
edit on 28-7-2012 by dainoyfb because: of typo.



posted on Jul, 28 2012 @ 09:27 PM
link   
reply to post by dainoyfb
 



I'm using a PIC microcontroller ($1.50) and hand soldering it though so it fits inside of a pen.

You are awesome man.

edit on 28/7/2012 by ChaoticOrder because: (no reason given)



posted on Jul, 29 2012 @ 04:10 AM
link   
Shame on ExtremeTech for improper use of terminology. Considering Cody Brocious disclosed this vulnerability, he would be considered more of "Grey Hat" hacker.


A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software.

A black hat hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain"

A grey hat hacker is a combination of a Black Hat and a White Hat Hacker. A Grey Hat Hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has been hacked, for example. Then they may offer to repair their system for a small fee.

Wikipedia



posted on Jul, 29 2012 @ 12:01 PM
link   
What is misleading is the Title.
Black Hat is the name of a conference about IT security.
So it's hacker *at* black hat.... etc etc etc.



posted on Jul, 29 2012 @ 03:50 PM
link   

Originally posted by drakus
What is misleading is the Title.
Black Hat is the name of a conference about IT security.
So it's hacker *at* black hat.... etc etc etc.


That's just it. He is attending the "black hat security conference" but he is more of a "grey hat" than a "black hat." I partially understand why they chose the title (short, sweet, to the point and basically conveys the message). I expect to see this from general news publications but not from a technology news source. Especially when the tech news source is covering perhaps the most important security convention in the world.

It's a nitpick, I realize.

edit on 7/29/2012 by Lysis because: (no reason given)



new topics

top topics



 
5

log in

join