How To: Turn an Innocent Dry Erase Marker into a Hotel Hacking Machine

A couple of months ago at the Black Hat security conference, hacker Cody Brocious gave the hotel industry a nasty surprise when he figured out how to hack the locks made by Onity that are used in millions of hotels worldwide.

His hack is impressive because it's so simple and cheap. It uses an inexpensive Arduino microcontroller to read the key stored in the lock's memory.

Onity responded on their support page (since taken down, republished on Brocious's blog) by saying that they were planning to offer two solutions to customers: a mechanical cover as a temporary solution, with a "firmware update" coming later to fix the problem for good. However, as Brocious explains, since Onity expects customers to foot part of the bill, it'll most likely be too expensive for most hotels to implement.

That means that even though the locks will eventually be updated, it will probably be a while before a lot of hotels get around to it. In the meantime, millions of rooms are sitting there just waiting to be hacked. And, of course, someone has since found a way to make Brocious's method even better.

The team over at Trustwave's SpiderLabs took this idea and put it into a dry erase marker—and they posted all of the code and instructions so you can make your own.

With an Arduino, a DC barrel jack, and a 5.6k resistor, they basically created a master key that will open Onity's keycard locks. They used a 16 MHz crystal for the timing and an A23 12V battery to power the circuit board.

You can find more details along with the diagram for the circuit over on their blog, and check out the video below to see it in action.

Now, how likely are you to stay in a hotel room after seeing this?

3 Comments

Nice, it's great how a clever mind and some cheap devices can compete against millions of dollars of security tech.

I don't believe a door lock and keycard even at the Ritz-Carlton is "millions of dollars of security tech".

Can I purchase one already built and tested? If so, how much?
