clock menu more-arrow no yes mobile

Filed under:

Hotel keycard system from Onity said to be vulnerable to hacking

New, 13 comments

24-year-old Firefox OS programmer Cody Brocious is presenting an exploit that unlocks Onity hotel doorlocks at this year's Blackhat security conference in Las Vegas.

Combination Lock (Flickr)
Combination Lock (Flickr)

The Onity keycard lock that is used on millions of hotel room doors has reportedly been hacked. According to Forbes, 24-year-old Mozilla Firefox OS programmer Cody Brocious discovered the vulnerability and will present it at this year's Blackhat conference. There's a DC power jack meant to be used for re-programming on the bottom of vulnerable Onity locks, but this jack has a glaring security flaw: the numeric key that unlocks the door is stored insecurely in memory. Brocious can copy this key and send it right back out using a cleverly programmed Arduino development board and an appropriately sized DC jack.

While Brocious' method isn't infallable — it failed in a few real-world tests — it does raise some serious concerns about how secure the average hotel room lock is. Brocious discovered the hack when working for a (now-defunct) start-up, but chose to not submit it to Onity directly. After his presentation tomorrow morning at the Zero Day Lounge in Ceasar's Palace, Las Vegas, Brocious plans on releasing the source code and schematics for his exploit on his blog.