Onity Door Lock Hack

Six years ago by contrast a security researcher published the code necessary to exploit a glaring vulnerability in widely used onity keycard locks on the web.

Onity door lock hack.

Every single onity key card lock has a dc power socket on the base. A black hat hacker has unveiled a method that allows a fairly simple hardware gadget to unlock door locks manufactured by onity. Inspired by the james bond type setup we saw on the spiderlabs blog post we thought we de try to build a small simple and tsa friendly version of the onity key unlocker. At the black hat security conference yesterday a hacker named cody brocious a mozilla software developer demonstrated how someone could gain instant untraceable access to millions of hotel rooms protected by key card locks made by onity.

Connecting a 9v battery with the wrong polarity to an arduino mini pro will make pretty sparks. Mozilla software developer cody brocious recently discovered two. The device he holds in his hand is an arduino connected to the outside portion of the door lock. Approximately ten million onity ht locks are installed in hotels worldwide.

It takes approximately 200 milliseconds from the time an attacker plugs the device in until the. Providers of software and systems that meet the needs of hotel operators for security energy conservation management solutions and guestroom comfort. That hack used an arduino compatible chip inside of a dry erase markeras an end run around the lock s electronics. This accounts for over half of all the installed hotel locks and can be found in approximately a third of all hotels.

On one of our engagements we figured an onity hotel door unlocker would be useful to us. We hope to reveal unique insight into the way the onity ht system works and detail various vulnerabilities therein.