If you are booking a room or a luxury suite in a hotel you might wanna enquire for the manufacturer of the locking system they provide. why? well, a black hat hacker has just revealed an effective method to unlock millions of doors manufactured by "Onity" worldwide.
The device is recently designed by the Mozilla's software developer Cody Brocious, who discovered two major vulnerabilities within Onity's security lock system.
According to Cody, it only took a device worth $50 to exploit said vulnerabilities. The schematics for the device are open source and available on the web. Arduino-based unlocker will be published online alongside a research paper explaining how these locks work and why they're inherently insecure. The hope is that manufacturers will take notice and improve the security of their wares before the world's ne'er-do-wells perfect Brocious' technique.
A reports stats that Onity's security lock is being used in more than 3 million hotel rooms worldwide and anyone who knows the method to get past the locking system can use a simple gadget to perform the hacking.
Onity Team denies any comment on the finding untill they have more information about it. However, they did accepted that they know about the cody's work.
"Onity is prepared to address any potential issues posed by the presentation," a spokesperson said.
According to an articled posted on PCworld Brocious' device uses the DC port that is found on the bottom of the outside portion of the lock.
"It looks like a standard DC power port you'd see on something like a router," Brocious says. When the device is plugged in and powered up, it will, in theory, cause the door to unlock. The hack simulates a device used by hotel room operators to program locks to accept certain master keys. The hacking device reads the lock's memory, obtains the cryptographic key information, and then sends that information to the door lock, allowing the hacker to gain entry to the room.
Brocious' device is not a "hit on the target in one go," -- the device only opened 1 of 3 doors he tried. The problem appears to be the timing of the acton needed to be performed and how it communicates with the lock.
The hotel room security is already a problem for most of the hotel operators and if this gadget falls into the wrong hand it could prove to be a great assets to get a sudden hike in the activity chart.