- Jul 21, 2012
For those road warriors who practically live in hotels, you might want to see how easy it is to get your valuables stolen. This new hacker invention may look like a harmless dry erase marker, but in truth it’s the ultimate electronic lock pick.
In a post titled ‘James Bond’s Dry Erase Marker,’ hotel hacker Matthew Jakubowski demonstrates how anyone can build this pocket-sized device which will open the lock on an estimated 4 million hotel rooms.
‘I guess we wanted to show that this sort of attack can happen with a very small concealable device,’ Matthew Jakubowski, a security researcher with Trustwave, told Forbes. ‘Someone using this could be searched and even then it wouldn’t be obvious that this isn’t just a pen.’
The device exploits a vulnerability in Onity locks, a cheap lock used on millions of hotel room doors. Onity’s site boasts their locks are used in 22,000 hotels worldwide.
The lock has a small port on its bottom designed for hotels to set master keys. Hacker Cody Brocious discovered you could read the lock’s memory through this port, including a decryption key.
This July at the Black Hat security conference, Brocious demonstrated a large, unwieldy device that could open a small percentage of locks.
Onity responded with a way to patch the weakness in August, but the fix required hotels to make costly hardware repairs to millions of locks as well as pay for a more secure version.
Security experts believe the expense has likely left a huge percentage of hotel rooms with the easily cracked model.
Jakubowski’s refined version can pop most locks in a fraction of a second. Even if security searched a guest, it’s unlikely many people would see a dry erase marker as a threat. And future versions may be even smaller and easier to conceal.
‘This is by no means the best solution or the only solution to make this fit into a pen, but for what we had available and with the time we had to do it, it’s what we were able to come up with,’ Jakubowski wrote in a blog post explaining the hack.