Researcher cracks electronic hotel locks within a second

Half of the locks in hotels are insecure, a security researcher claims. With twenty dollars of hardware, any room can be opened within one second. A fix is not available.

All electronic locks of the Onity HT type, which work with a magnetic-stripe card, are vulnerable. So claims security researcher Cody Brocious, who presented his findings on the eve of the Black Hat security conference in Las Vegas, where Tweakers.net is present.

According to Brocious, those locks are widespread; worldwide, ten million are said to be in use, half of all the locks in hotels, although it is unclear whether he means only electronic locks.

The problem, according to Brocious, is that neither the magnetic-stripe card nor the lock that goes with it in the Onity HT system is well protected. The value on the card that is needed to open the lock is itself encrypted. The key used for that is the 'site code', a code unique to each hotel that uses the locks. This code is also stored in the locks.

However, the key is easy to read out. A microcontroller can be connected to the power input connector of the lock using a transistor and a power adapter. The microcontroller can then communicate with the lock, which allows the memory to be read out.

The site code can be obtained from the memory. Using that same site code, the lock can be given the command to open, without a card being used. Only 200 milliseconds and 20 dollars of hardware are needed, says Brocious.

In addition, it is possible to extract the 'master code' from the lock. This code is on the cards of, for example, the cleaning staff, and with such a card all the doors in part of the hotel or in the whole hotel can be opened. Using the master code, a malicious person can make a digital master key himself. A so-called programming card can also be created; once it has been inserted into a lock, the lock accepts any hotel card that is inserted directly afterwards.

Finally, the researcher warns that the encryption on the hotel cards is very weak and that it can probably be cracked with a brute-force attack. Brocious, who has released a how-to for owners of an Arduino microcontroller, warns that no fix is available yet. The company behind the cards and the associated lock could protect them better, but then all the locks would have to be provided with new firmware.