The Onity keycard lock that is used on millions of hotel room doors has reportedly been hacked. According to Forbes, 24-year-old Mozilla Firefox OS programmer Cody Brocious discovered the vulnerability and will present it at this year's Black Hat conference. There's a DC power jack meant to be used for re-programming on the bottom of vulnerable Onity locks, but this jack has a glaring security flaw: the numeric key that unlocks the door is stored insecurely in memory. Brocious can copy this key and send it right back out using a cleverly programmed Arduino development board and an appropriately sized DC jack.
While Brocious' method isn't infallible (it failed in a few real-world tests), it does raise some serious concerns about how secure the average hotel room lock is. Brocious discovered the hack while working for a (now-defunct) start-up, but chose not to submit it to Onity directly. After his presentation tomorrow morning at the Zero Day Lounge in Caesars Palace, Las Vegas, Brocious plans on releasing the source code and schematics for his exploit on his blog.