Page 1 of 1

Hotel Room Locks Picked in Seconds

PostPosted: Mon Oct 22, 2012 10:48 pm
by MixedMotives
http://abcnews.go.com/US/faulty-hotel-locks-demonstrated-abc-news-report/story?id=17531528#.UIXWloZ1R8E

man i thought only dry erase makers got you high ..lol

whouldnt that be a bypass not a pick?

Re: Hotel Room Locks Picked in Seconds

PostPosted: Mon Oct 22, 2012 11:08 pm
by Violaetor
Link not properly formatted.

Re: Hotel Room Locks Picked in Seconds

PostPosted: Tue Oct 23, 2012 1:07 am
by Josh66
Violaetor wrote:Link not properly formatted.

That seems to happen whenever you preview the post prior to posting...



Pretty interesting...

Re: Hotel Room Locks Picked in Seconds

PostPosted: Tue Oct 23, 2012 1:15 am
by 10ringo10
Yes the lock manufactures will be pissed id say... thanks for the link mixed motives

Re: Hotel Room Locks Picked in Seconds

PostPosted: Tue Oct 23, 2012 4:11 am
by Don
The locks that that flaw works on is ONITY. The bypass has been public for apx. 1 month Onity contacted all effected Hotels apx. 3 days before the by pass became publicly known. There has been some “ temp” measures to slow down/ detect the use. A new replacement part to prevent easy access to the boards is currently being manufactured and will be available to all users soon.

Re: Hotel Room Locks Picked in Seconds

PostPosted: Tue Oct 23, 2012 9:34 am
by Pickingpaul
i want one of those magic markers :shock:

someones got some answering to do there, :???:

Re: Hotel Room Locks Picked in Seconds

PostPosted: Tue Oct 23, 2012 1:06 pm
by rai
typed Onity into google and one suggestion was onity hack, which returned stories from late august on a hack using an arduino, but the discussion seems to be about some marker hack, so that might be another one. I'll try the link and see what that brings

Re: Hotel Room Locks Picked in Seconds

PostPosted: Tue Oct 23, 2012 1:42 pm
by rai
A little google research later, it appears that Cody Brocius showed the arduino bypass at black hat in july and by the time this news report was made, mr Percoco of trustwave had made an arduino or the relevant parts of one fit into a magic marker.
same hack version 1.1

havent found the plans for the marker pen version, spiderlabs probably knows some electronics guys,
The hack factory that I once joined, was where my laptop was hacked by someone, I have suspicions of who, but no direct knowlege, in any case the president of the group was a trustwave spiderlabs lock "expert" however he didn't make any big impression on me. I would think Chriswingate is much more expert than he.

Re: Hotel Room Locks Picked in Seconds

PostPosted: Wed Oct 24, 2012 2:05 am
by 10ringo10
just heard something about dry ice having the same outcome on the onity , bullshit i dont know but seems plausible water and electronics or electric dont mix.

Re: Hotel Room Locks Picked in Seconds

PostPosted: Wed Oct 24, 2012 12:47 pm
by rai
dry ice is not made of water, its made of CO2 that stuff you breath out after using the oxygen you breath in.

CO 2 has no liquid state at normal temperatures, it sublimates to invisible gas, perhaps that fake steam that is seen in stage shows is actually condensation of moisture in the air caused by cold gas, like the contrails that appear behind a high flying airplane are made of condensation from friction heat and engine heat as the plane passes through the cold air.

The nearest thing I can think of that could cause a malfunction of an electronic lock would be what alarm technicians used to call a "swinger", that is a broken circuit that comes and goes due to heat expansion or contraction, or swelling of wood in damp conditions. these were hard to find because the false alarms were caused at night and the tech comes out during the day to look for it and its already autorepaired, so his continuity tester indicates a good circuit. Very common condition on the old foil tape window sensors.

Re: Hotel Room Locks Picked in Seconds

PostPosted: Wed Oct 24, 2012 1:52 pm
by clearmoon247
The onity "temp fix" is just a removable cap over the dc jack. I find this to be kinda laughable as a patch to "prevent" this attack from happening. I've built one of these devices already and am working on one that will fit in a marker enclosure as we speak.

Re: Hotel Room Locks Picked in Seconds

PostPosted: Wed Oct 24, 2012 2:46 pm
by rai
http://blog.spiderlabs.com/2012/10/pent ... -pens.html
circuit diagrams and photos of the pen and the finished circuit.

Re: Hotel Room Locks Picked in Seconds

PostPosted: Wed Oct 24, 2012 3:00 pm
by rai
coding can be found at www.nerdkits.com it in the forum under the hotel door lock thread.

Re: Hotel Room Locks Picked in Seconds

PostPosted: Wed Oct 24, 2012 7:13 pm
by gnarus8429
A fiend of mine has one of these based on a teensy (http://hackaday.com/2012/09/05/meet-the-teensy-3-0/). Works great on the locks he has tried it on while traveling. It does take a bit of knowledge to do the programming but, not that bad. If I understand the exploit correctly this is only going to be a real problem on a certain segments of onity products. Some can be reprogrammed (EEPROM flashed) and some can not. The ones that can't be reprogrammed are the big problem and a true fix would be to replace the lock. The screw to cover the hole for the plug has been distributed by the company in the meantime. I'm sure that the security screw is not going to slow down anyone who know what they are doing. That fix is just to put guests at ease that have seen this hack in the media.

Re: Hotel Room Locks Picked in Seconds

PostPosted: Thu Oct 25, 2012 1:04 pm
by rai
with four million locks installed and a company that is trying to avoid recalling all of them, many hotels will not do the hole plug fix or any other fix that costs them money and maintainence guy time.
hotel chains are notoriously cheap about maintainence and will wait until a problem occurs to fix anything. I get the stories frequently from a friend who is a night manager for a chain. This exploit will likely still work at half of those 4 million locks years from now.