Millions of hotel rooms around the world are protected by Onity locks. Unfortunately for hotel guests, these locks aren’t exactly secure. Each lock includes a port on the bottom that’s meant to allow access the hotel staff in order to set master keys, but it can be spoofed to reveal all the juicy information needed to pop the door open. This much we knew back in July, when hacker Cody Brocious demonstrated a version of it. However, we now know that a device capable of reliably performing this trick can be made small enough to fit in a dry erase marker.
A trio of hackers have built a tool that appears to be an innocent dry erase marker, but when inserted into the port on the bottom of a common form of hotel room keycard lock triggers the lock’s open mechanism in a fraction of a second.
“I guess we wanted to show that this sort of attack can happen with a very small, concealable device,” says Matthew Jakubowski, one of the three hotel lock hackers and a security researcher with the consultancy Trustwave. “Someone using this could be searched and even then it wouldn’t be obvious that this isn’t just a pen.”
They’d originally wanted to use a pen, because “penetration testers” is often shortened to “pentesters,” but they eventually made the call that they were just too small. Even so, a dry erase marker isn’t suspicious in and of itself, so anyone caught with one isn’t going to be immediately suspected of breaking and entering.
- New father ensures safety of offspring using lasers
- Dropbox was definitely hacked
- How to make your Facebook cover photo look especially awesome