Welcome Guest 

Show/Hide Header

Welcome Guest, posting in this forum requires registration.
Pages: [1]
Author Topic: Arduino, resistor, and barrel plug lay waste to millions of hotel locks
bandit
Administrator
Posts: 327
Permalink
Post Arduino, resistor, and barrel plug lay waste to millions of hotel locks
on: July 25, 2012, 15:21
Quote

Post : Arduino, resistor, and barrel plug lay waste to millions of hotel locks
URL : http://hackaday.com/2012/07/25/arduino-resistor-and-barrel-plug-lay-waste-to-millions-of-hotel-locks/
Posted : July 25, 2012 at 12:01 pm
Author : Mike Szczys
Tags : arduino, hotel room, lock, lock picking, onity
Categories : cons, security hacks

http://hackadaycom.files.wordpress.com/2012/07/brocious-onity-hotel-lock-arduino-e1343241246773.jpg

The security flaws on this common hotel keycard lock are nothing short of face-palmingly stupid. Look closely at the picture above. This is a hotel room door swinging open. The device he holds in his hand is an Arduino connected to the OUTSIDE portion of the door lock. It takes approximately 200 milliseconds from the time an attacker plugs the device in, until the door can be opened. Yes, in less than 1/4 of one second an Arduino can open any of the millions of these locks (http://www.extremetech.com/computing/133448-black-hat-hacker-gains-access-to-4-million-hotel-rooms-with-arduino-microcontroller) in service.

The exploit in Onity programmable keycard locks was revealed by [Cody Brocious] (http://daeken.com/blackhat-paper) at the Blackhat conference. Apparently the DC barrel jack on the outside of the lock serves as a one-wire protocol interface. Once communications are established a 32-bit sitecode can be read from any of the locks and immediately used to open the door. There is no authentication or encryption used to obfuscate this kind of attack. To make matters worse, you can even read out master key and skeleton key codes. These codes facilitate 'magic' keys used to open a variety of different doors through the system.

We're no strangers to easy hotel beak-ins (http://hackaday.com/2010/08/29/hackaday-links-august-29-2010/) . But how can a digital lock possibly be sold with this type of vulnerability present? Really!?

Here's the white paper (http://demoseen.com/bhpaper.html) on the exploit as well as the slides from his talk (http://demoseen.com/bhtalk2.pdf) (PDF).

[via Reddit (http://www.reddit.com/r/arduino/comments/x4tmg/hacker_uses_arduino_to_gain_access_to_4_million/) ]

Add a comment to this post: http://hackaday.com/2012/07/25/arduino-resistor-and-barrel-plug-lay-waste-to-millions-of-hotel-locks/#respond

--
WordPress.com | Thanks for flying with WordPress!
Image
Mr.What
Administrator
Posts: 154
Permalink
Post Re: Arduino, resistor, and barrel plug lay waste to millions of hotel locks
on: July 26, 2012, 15:27
Quote

Have they started fixing this yet?

BTW: this might be better in Link Dump area.
I'd rather use the project forum area for discussion of active Quelab projects.
Pages: [1]
Mingle Forum by cartpauj
Version: 1.0.34 ; Page loaded in: 0.013 seconds.

 

Comments are closed.