Open Millions of Hotel Rooms With Arduino

MrSeb writes with an excerpt from Extreme Tech about a presentation at Black Hat: "Bad news: With an Arduino microcontroller and a little bit of programming, it's possible for a hacker to gain instant, untraceable access to millions of key card-protected hotel rooms. This hack was demonstrated by Cody Brocious, a Mozilla software developer, at the Black Hat security conference in Las Vegas. At risk are four million hotel rooms secured by Onity programmable key card locks. According to Brocious, who didn't disclose the hack to Onity before going public, there is no easy fix: There isn't a firmware upgrade — if hotels want to secure their guests, every single lock will have to be changed. I wish I could say that Brocious spent months on this hack, painstakingly reverse-engineering the Onity lock protocol, but the truth — as always, it seems — is far more depressing. 'With how stupidly simple this is, it wouldn't surprise me if a thousand other people have found this same vulnerability and sold it to other governments,' says Brocious. 'An intern at the NSA could find this in five minutes.'"

Bad news for you maybe

[crazyjj]

Great news for the budget-minded vacationer looking for a hotel bargain.

Re:Lock the door when inside

[Iniamyen]

Don't fret, most hotel rooms have safes secured by Onity programmable key card locks.

swedish supermodels beware

[tekrat]

Geeks now have the ability to get into your hotel room while changing into your bikini...

But why would a geek be changing into your bikini?

Re:swedish supermodels beware

[Chas]

Basically it's the perfect armor.

Some 500 pound guy in a thong is so horrific that you simply can't look at it long enough to aim and shoot.

That and the whole Cthulu-esque "I stared into madness and madness stared back" aspect.

So they're called

[oldmac31310]

pwnity now...

Re:Image

How is your lawn coming along granddad?

Re:Lock the door when inside

[specific]

I've never hacked an Onity programmable key-card lock, but I did stay in a Holiday Inn Express last night.

Re:Lock the door when inside

[Critical+Facilities]

the chain lock that's separate from the key card lock

Or according to Jon Stewart - "I have a chain lock on my door that says to criminals 'you're not getting in here......unless you push....kind of hard....with your hand'."

Re:I wouldn't have either

[TheCarp]

That is, unless he is planning to use the Basic Instinct Defense "What, do you think I am stupid enough to publish details of how a murder could be committed, by anyone, using these devices, and then do it myself?"

Though, if he tries it, I hope he remembers, the short white dress and no underwear is key to making it work.

Re:As usual however

[gblackwo]

You have until the end of the day to gather your things and turn in your geek card.

Re:Well, that's it!

Bad news: With an Arduino microcontroller and a little bit of programming, it's possible for a hacker to gain instant, untraceable access to millions of key card-protected hotel rooms.

Well, that's it! There's only one thing we can do... outlaw Arduinos

Not a complete solution, I'm sure there are other devices that could be used. To solve the problem completely we'll have to outlaw programming.

Re:Lock the door when inside

[courteaudotbiz]

Why call them safes then? Let's call them UnSafes!

Re:Lock the door when inside

[Pope]

We had a problem with a hotel safe once. When the tech guy came he popped the plastic keypad off to expose a serial port then hooked up his iPhone to it and opened the door. I wonder how secure that is...

Lies! iPhones and iPads are for content consumption only, and cannot possibly used for real work.