How to Turn an Innocent Dry Erase Marker into a Hotel Hacking Machine
A couple of months ago at the Black Hat security conference, hacker Cody Brocious gave the hotel industry a nasty surprise when he figured out how to hack the locks made by Onity that are used in millions of hotels worldwide.
The reason his hack is so impressive is because it's so simple and cheap. It uses an inexpensive Arduino microcontroller to read the key from the memory stored on the lock.
Onity responded on their support page (since taken down, republished on Brocious's blog) by saying that they were planning to offer two solutions to customers: a mechanical cover as a temporary solution, with a "firmware update" coming later to fix the problem for good. However, as Brocious explains, since Onity expects customers to foot part of the bill, it'll most likely be too expensive for most hotels to implement.
That means that even though the locks will eventually be updated, it will probably be a while before a lot of hotels get around to it. In the meantime, millions of rooms are sitting there just waiting to be hacked. And, of course, someone has since found a way to make Brocious's method even better.
With an Arduino, a DC barrel jack, and a 5.6k resistor, they basically created a master key that opens will open Onity's keycard locks. They used a 16Mhz crystal for the timing and a A23 12V battery to power the circuit board.
You can find more details along with the diagram for the circuit over on their blog, and check out the video below to see it in action.
Now, how likely are you to stay in hotel room after seeing this?