Jacking hotel rooms with an Arduino microcontroller



Posted by Trent Nouveau

Black Hat 2012 kicked off in Las Vegas with a bang as Mozilla software dev Cody Brocious talked about jacking and cracking hotel room doors with an Arduino microcontroller.



That's right - all it took Brocious was approximately $50 of off-the-shelf hardware, some righteous coding, and voilà, untraceable access to millions of key card-protected hotel rooms. To make matters worse, Brocious claims there is no easy fix for the exploit. 



Jacking and cracking hotel rooms with an Arduino microcontroller



So how does the crack work? 

Well, a small barrel-type DC power socket is located at the base of every Onity lock. The socket is used to charge the battery and program the lock with a 32-bit key hotel site-code.



Brocious plugged an Arduino microcontroller into the DC socket and managed to extract the 32-bit key from the lock's memory. Apparently, no authentication is required - as the key is stored in the same memory location on every Onity lock.

 The developer then played the 32-bit code back to the lock - which opened.

"I plug it in, power it up, and the lock opens," Brocious told Forbes. 
"With how stupidly simple this is, it wouldn't surprise me if a thousand other people have found this same vulnerability and sold it to other governments... An intern at the NSA could find this in five minutes."



Of course, the Brocious Arduino microcontroller hack is really nothing new. All you WarGames buffs out there undoubtedly remember how David Lightman escaped from a locked room in Cheyenne Mountain with just a tape recorder, spare medical equipment, and, oh, yes some quick thinking.