Hotel Keycard Firm Issues Fixes to Keycard Locks

[CommanderFrank]

When do the good guys start wearing black hats? We reported last month about the hotel’s keycard system being hacked by a member of the Black Hat security conference. Well, it seems the lockmaker Onity felt bad about their security being breached in just a matter of seconds by a $50 buck hack and provided a fix.

The entry-level (free) fix involves supplying a physical plug that blocks access to the portable programmer port of potentially vulnerable HT series locks.

 

[Spidey329]

Couldn't you remove the plug?

 

[niconx]

Couldn't you remove the plug?

Don't be crazy, hackers don't carry screwdrivers.

 

[DeathPrincess]

Couldn't you remove the plug?

No one would ever think of that.

 

[snaggerpuss]

I said to myself about a decade ago those stupid key card hotel security locks were a risk and I was right. Trust no one, ever.

 

[ljbade]

My apartment uses these locks.

I already have an arduino (great little devices) so I'm going to test it out on my lock.

If it works I will request the owner to upgrade the system.

I wonder what my insurance company thinks about this?

 

[thedge]

coupled with the use of more-obscure Torx screws

If you can go to Princess Auto, Harbor Freight, Sears, etc and buy Torx screw drivers or bits then its not at all obscure.

 

[Ehren8879]

Some fix. Thanks to the company for telling us how to re-hack it.

 

[trav04]

wow.. they are going to charge for there "upgrades" sounds like they was waiting for the perfect moment to release it.

 

[SkribbelKat]

Even fixed, I just don't expect it to be any better than a lock with a metal key which anyone who has a clue or the right equipment can get into in a few moments. The life's lesson in this is not to sit around your hotel room in the nude while listening to Gregorian Chant because someone will probably find out about it.

 

[Ehren8879]

Even fixed, I just don't expect it to be any better than a lock with a metal key which anyone who has a clue or the right equipment can get into in a few moments. The life's lesson in this is not to sit around your hotel room in the nude while listening to Gregorian Chant because someone will probably find out about it.

more like

"The life's lesson in this is (snip) to sit around your hotel room in the nude while listening to Gregorian Chant.[/

 

[Ezteh]

I don't need a hotel room to sit around being nude

 

[SkribbelKat]

more like

"The life's lesson in this is (snip) to sit around your hotel room in the nude while listening to Gregorian Chant.[/

I see you're one of those kinds of people!

I don't need a hotel room to sit around being nude

This is true, but not many people have worthless keycard locks on their homes.

 

[Ualdayan]

I see you're one of those kinds of people!



This is true, but not many people have worthless keycard locks on their homes.

I don't think 'worthless' is quite right. Sure, somebody with the right skills can bring an arduino there, and if they know the right thing to do unscrew the port, and plug into it, then do the necessary work to decrypt the key to get in. The thing is what's the traditional alternative? A key lock right? Again, somebody with the right skills and tools can easily get by that too.

 

[SkribbelKat]

I don't think 'worthless' is quite right. Sure, somebody with the right skills can bring an arduino there, and if they know the right thing to do unscrew the port, and plug into it, then do the necessary work to decrypt the key to get in. The thing is what's the traditional alternative? A key lock right? Again, somebody with the right skills and tools can easily get by that too.

Yeah, I know...just kick open the door using ninja skills. There's nothing at all impressive about a demonstration of foot force though, even when you include squealy ninja mouth sounds like, "Hiiiiiiyaaaaaah!" or spend 10 to 15 minutes screaming at the top of your lungs to power up for your mega-attack (usually while the bad guy just...I guess stands there waiting patiently for you as the camera pans and zooms all around).

 

[dandragonrage]

At least it hasn't taken them long, but if you ask me, they should provide the more expensive fix for free.

 

[Tytalus]

Part of the issue is mitigated with the "lock" for that port.

The primary issue with breaching physical security is that it takes time and is generally obvious when it happens. With an Arduino and 1-2 seconds of time some of these locks can be circumvented, so the "time cost" is extremely low, which increases the likelihood it can be undetected, which increases the likelihood someone will use this form of attack.

By requiring at least one more tool, plus adding several seconds to the whole process, the process itself is more secure due to the nature of the attacker's proximity to the device being attacked. Now someone standing in front of a door for several seconds removing a component from the lock will likely be noticed, as opposed to a guy who walks up to a door, discretely plugs something in and then opens the unlocked door. Adding the additional step does increase the security from a physical security standpoint, so it seems like a decent (and free) fix from the company.

While the lock itself isn't necessarily any more secure, the presence of a time-consuming additional step helps mitigate the casual threat these locks present. The attack vector is still a valid one, but "drive-by" unlocks likely won't occur anymore. Only folks determined to get in the door (likely motivated by what they know [or suspect] is behind the door) will accept the increased risk of detection. It's like putting bars across your window--it doesn't stop someone from entering, it just raises the level of dedication required to circumvent the security.