Black Hat 2012- Key-Card of Hotel Door Can Be Bypassed With An Open-Source Tool "Arduino"


Black Hat 2012- Key-Card of Hotel Door Can Be Bypassed With An Open-Source Tool "Arduino"

For millions of travelers the ubiquitous hotel key card is the primary and essentially the only way to access their rooms at the end of day. But when you will heard that the key card, you use to access your private room is no longer safe then its very much possible that you will shock. And trust me this happened in Black Hat 2012. A security researcher, Cody Brocious believes the current systems used to secure hotel doors throughout the United States and elsewhere are severely flawed. Speaking at the Black Hat security conference here, Brocious demonstrated how locks from Onity a company that sells security products to hotels and other businesses can easily be bypassed. At the show, Brocious detailed the primary security flaws that allowed him to bypass Onity locks and gain access to rooms.
According to eWEEk -Brocious used an open-source tool known as Arduino, a portable programming platform. Arduino was used as a substitute for the commercial portable programmer that an Onity lock would typically require. Brocious explained that the Onity locks have a serial hardware connection that is easily accessible, as well. In addition to the Arduino tool, Brocious used an oscilloscope that allowed him to see what was happening in the lock whenever a key card was put in and the door opened or closed. He was able to determine through his research that the underlying firmware on the lock does not require any form of authentication to arbitrarily access the memory of the lock. This means it is possible to read out every bit of information that is on the lock, which makes it possible for anyone to gain access or make a key.
In theory, programming for the lock should go over a secure channel, rather than doing direct unencrypted memory access, said Brocious. The problem, according to his research, is that the existing Onity lock design does not easily allow for that, and there is no easy way to update the firmware. Another potential option is to actually provide physical security on the door lock. For example, the company could make the serial port harder to access. However, with 5 million of these locks in use today, Brocious said this would be an expensive and challenging way to add additional security. The actual door locks are only half the problem exposed by Brocious. The card keys are also at risk. Typical card keys in the Onity system use only 32-bit key encryption making them easy to decrypt, according to Brocious. "The system is broken at every layer," said Brocious.
The severity of the issue and its high impact is what led Brocious to choose to release his research at Black Hat. In addition to his research, he is also releasing a software tool so that others can continue or expand on his efforts. "Something needs to be done about this problem, and I didn't want to put it out there in a way that could be defeated by process," said Brocious. "No doubt, this vulnerability has been found before, and it has been in the locks for years."
Brocious added: “I'd be surprised if this hasn't been used by malicious actors in the past.” What Brocious is hoping to achieve from this disclosure is not a mass string of hackers getting unauthorized access to hotel rooms, but rather some kind of fix and industry response. "I'm saying that this is what you're vulnerable [to], so come up with a way to solve the problem," said Brocious.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Related Posts Plugin for WordPress, Blogger...