It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Bad news: With less than $50 of off-the-shelf hardware and a little bit of programming, it’s possible for a hacker to gain instant, untraceable access to millions of key card-protected hotel rooms.
This hack was demonstrated by Cody Brocious, a Mozilla software developer, at the Black Hat security conference in Las Vegas. At risk are four million hotel rooms secured by Onity programmable key card locks. According to Brocious, who should be scolded for not disclosing the hack to Onity before going public, there is no easy fix: There isn’t a firmware upgrade — if hotels want to secure their guests, every single lock will have to be changed.
I wish I could say that Brocious spent months on this hack, painstakingly reverse-engineering the Onity lock protocol, but the truth is far more depressing. “With how stupidly simple this is, it wouldn’t surprise me if a thousand other people have found this same vulnerability and sold it to other governments,” says Brocious, in an interview with Forbes. “An intern at the NSA could find this in five minutes.”
Black Hat hacker gains access to 4 million hotel rooms with Arduino microcontroller
Try reading the article. This has nothing to do with exploiting key cards and mag strip cards. It's a direct hack of the actual electronic locking mechanism. You don't need to copy anyone's card. You just plug the device into the DC charging jack and the hotel door will open instantly. As the article says, over 4 million hotel rooms use this locking mechanism. At any time anyone with this device (which is cheap to build) could gain access to any of these rooms.
I'm surprised this is just making news now. Exploiting/copying key cards and mag strip cards has been around for a long time, over a decade.
Originally posted by NuclearPaul
Did they seriously not design it so this port is on the inside of the room?
A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software.
A black hat hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain"
A grey hat hacker is a combination of a Black Hat and a White Hat Hacker. A Grey Hat Hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has been hacked, for example. Then they may offer to repair their system for a small fee.
Originally posted by drakus
What is misleading is the Title.
Black Hat is the name of a conference about IT security.
So it's hacker *at* black hat.... etc etc etc.