November 27, 2012 9:25 am
One of the pleasures of traveling is getting your own hotel room—peace and quiet, locked away from the world with a nice little key card securing your privacy. Except that those key cards might not be as secure as you might think. Recently, thieves exploited a hack of those magnetic stripped cards to break into several rooms at a Hyatt in Houston.
Two days after the break-in, a letter from hotel management confirmed the answer: The room’s lock hadn’t been picked, and hadn’t been opened with any key. Instead, it had been hacked with a digital tool that effortlessly triggered its opening mechanism in seconds. The burglary, one of a string of similar thefts that hit the Hyatt in September, was a real-world case of a theoretical intrusion technique researchers had warned about months earlier—one that may still be effective on hundreds of thousands or millions of locks protecting hotel rooms around the world.
The hack has been known for a while now: it was demonstrated in July by a hacker named Body Brocious at a conference for hackers called Black Hat. Forbes again:
On stage at Black Hat, Brocious showed it was possible to insert the plug of a small device he built with less than $50 in parts into the port at the bottom of any Onity keycard lock, read the digital key that provides access to the opening mechanism of the lock, and open it instantaneously.
Now, any hacker who’s seen the demonstration and understands the tools, could reproduce Brocious’s results. In fact, the whole thing is on YouTube:
And you don’t have to have an obvious device either. Some have done it with a dry erase marker as a cover:
That pen is made of simply:
- 1 ATMega328 (pre-loaded with the sketch)
- 1 5.6k resistor
- 1 30 ohm resistor
- 1 16Mhz Crystal
- 1 3.3v Zener diode
- 1 A23 12V Battery
- 1 SPST tall mini push button (momentary on)
- 1 DC (coaxial) barrel connector, 5mm outer diameter, 2.1mm inner diameter
- 1 Protoboard 1-3/4in. X 1-1/2in
Basically, never leave valuables in your hotel room.
More from Smithsonian.com:
Sign up for our free email newsletter and receive the best stories from Smithsonian.com each week.
No Comments »
No comments yet.