Slashdot Mirror

← Back to Stories (view on slashdot.org)

Open Millions of Hotel Rooms With Arduino

Posted by Unknown on from the do-not-disturb-taken-as-challenge dept.

MrSeb writes with an excerpt from Extreme Tech about a presentation at Black Hat: "Bad news: With an Arduino microcontroller and a little bit of programming, it's possible for a hacker to gain instant, untraceable access to millions of key card-protected hotel rooms. This hack was demonstrated by Cody Brocious, a Mozilla software developer, at the Black Hat security conference in Las Vegas. At risk are four million hotel rooms secured by Onity programmable key card locks. According to Brocious, who didn't disclose the hack to Onity before going public, there is no easy fix: There isn't a firmware upgrade — if hotels want to secure their guests, every single lock will have to be changed. I wish I could say that Brocious spent months on this hack, painstakingly reverse-engineering the Onity lock protocol, but the truth — as always, it seems — is far more depressing. 'With how stupidly simple this is, it wouldn't surprise me if a thousand other people have found this same vulnerability and sold it to other governments,' says Brocious. 'An intern at the NSA could find this in five minutes.'"

3 of 268 comments (clear)

  1. Re:Lock the door when inside by h4rr4r · · Score: 5, Informative

    Many of those safes have backup passwords, hotels generally do not change the default one.

  2. Re:Lock the door when inside by SilverJets · · Score: 5, Informative

    You mean those safes where hotel staff have a master code that unlocks them in case the guest forgets the code they set? Those safes?

  3. Re:Reliable? by Anonymous Coward · · Score: 5, Informative

    I suspected upon hearing this that he was trying to bitbang a protocol using the Arduino functions such as delaymicroseconds and digitalwrite and he was probably having to adjust these to account for inconsistencies caused perhaps between locks (where battery voltage may affect timing) but also the inherent timing problems caused by the braindead manner in which these "friendly" functions operate. Even worse, he is using the Arduino's Serial library which is even worse about causing timing and memory problems.

    Upon reading his code I found that assumption to be correct. If he ditched the Arduino library and wrote correct AVR code using ISR's and hardware timers to implement the communication protocol I think the reliability of the exploit would dramatically improve. Reading his analysis of the protocol I even think the two-wire interface could be used directly with a tiny bit of extra hardware. Also, the Arduino MEGA is unnecessary; a normal arduino or even a $2 ATTiny would do this job fine.

    I should mention that it's not his fault that the Arduino library is terrible code and that its essentially unusable for this kind of thing; they do sort of purport that is more capable than it is. I do however suggest that you adjust your thoughts on the reliability of his exploit.