By using open-source Arduino tools, security researchers are exposing security gaps in door-lock systems used by millions of hotels.
LAS VEGAS — For millions of travelers and road warriors, the ubiquitous hotel key card is the primary, and essentially the only, way to access their rooms at the end of day. However, security researcher Cody Brocious believes the current systems used to secure hotel doors throughout the United States and elsewhere are severely flawed.
Speaking at the Black Hat security conference here, Brocious demonstrated how locks from Onity—a company that sells security products to hotels and other businesses—can easily be bypassed. At the show, Brocious detailed the primary security flaws that allowed him to bypass Onity locks and gain access to rooms.
Brocious used an open-source tool known as Arduino, a portable programming platform. Arduino was used as a substitute for the commercial portable programmer that an Onity lock would typically require. Brocious explained that the Onity locks have a serial hardware connection that is easily accessible, as well.