Wednesday, July 25, 2012

Hacked Hotel Doors

The Black Hat security conference in Las Vegas always exposes interesting security vulnerabilities. This year is no different, with news that the Onity card lock used on millions of hotel rooms is vulnerable to a hack attack. With about $50 worth of hardware parts and a bit of programming, an unauthorized person can open a locked door from the outside. See the Forbes article here and the presentation and paper here.

A couple of points to consider. Not all hotels use Onity locks (VingCard, CISA, and Safelok are a few other popular brands). There's a higher probability of a corrupt hotel employee accessing your room without your permission than a hacker. Most doors feature some type of mechanical lock in the form of a chain or swing lock that secure the room from the inside when occupied (it's worth noting that these locks do not offer 100% security, and can be readily defeated by a knowledgable person).

A cheap and simple solution to securing a hotel room while you're inside (or a room with any door that opens inward) is to use rubber door stopper. Jam the stopper between the door and floor. There is usually enough friction to prevent the door from opening. Give it a try.

International Security/Espionage Trivia: Some security practitioners may recall the 2010 assassination of Hamas member Mahmoud Al-Mabhouh in Dubai. The Mossad was alleged to have hacked the card lock on Mabhouh's hotel room and waited for his return. The Al Bustan Rotana hotel, where Mabhouh stayed, uses VingCard locks. Dubai authorities reported there was evidence that someone reprogrammed the lock at the door to gain access to the room before Mabhouh was killed.



Post a Comment

<< Home