Saturday, July 28, 2012

Onity HT lock provides its own key when questioned

The vulnerability found by Cody Brocious and presented at BlackHat Las Vegas 2012 deserves an entry in this blog. The Onity HT lock is installed on a huge number of hotel doors around the globe, and you may already have seen it if you have stayed in a couple of hotels.


This picture was extracted from Cody Brocious' talk at BlackHat 2012 in Las Vegas.

Even more disturbing is the vulnerability that Cody discovered. Every lock has a small barrel-type DC power socket on the bottom. It is used to charge the battery when it is empty, but also to program the lock. Every hotel has its own random sitecode installed, which is used to encrypt/decrypt cards, program locks or open locks. This 32-bit key, however, is stored in the lock's memory, and by connecting to the power socket an attacker can extract it. Moreover, the key is always stored at the same location, and no authentication at all is needed to extract it.
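
The design flaw described above, an unauthenticated memory read over the programming port that reaches a secret stored at a fixed location, modelled in C next to a hardened handler. This is an added example, not code from Cody Brocious' paper or from the lock's firmware; the memory map, offsets, return codes and the `authenticated` flag are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed memory map for illustration; not the real lock's layout. */
#define MEM_SIZE      64u
#define SITECODE_ADDR 0x10u /* hypothetical fixed offset of the secret */
#define SITECODE_LEN  4u    /* 32-bit sitecode, as the post describes */

typedef struct {
    uint8_t mem[MEM_SIZE];
    int authenticated; /* set by an auth step that is not modelled here */
} lock_t;

/* Fill the model with a constructed sitecode at the fixed offset. */
static void lock_init(lock_t *lk) {
    static const uint8_t sitecode[SITECODE_LEN] = {0xDE, 0xAD, 0xBE, 0xEF};
    memset(lk, 0, sizeof *lk);
    memcpy(&lk->mem[SITECODE_ADDR], sitecode, SITECODE_LEN);
}

/* Flawed handler: any in-bounds read is served to whoever is on the port. */
static int read_mem_open(const lock_t *lk, size_t addr, size_t len, uint8_t *out) {
    if (addr > MEM_SIZE || len > MEM_SIZE - addr) return -1;
    memcpy(out, &lk->mem[addr], len);
    return 0;
}

/* Hardened handler: needs an authenticated session, and never exports the
 * secret region, so the key is only ever used inside the lock. */
static int read_mem_hardened(const lock_t *lk, size_t addr, size_t len, uint8_t *out) {
    if (addr > MEM_SIZE || len > MEM_SIZE - addr) return -1; /* out of range */
    if (!lk->authenticated) return -2;                       /* no session */
    if (len > 0 && addr < SITECODE_ADDR + SITECODE_LEN && addr + len > SITECODE_ADDR)
        return -3;                                           /* touches secret */
    memcpy(out, &lk->mem[addr], len);
    return 0;
}

int main(void) {
    lock_t lk;
    uint8_t buf[MEM_SIZE];
    lock_init(&lk);
    /* The open handler leaks the key; the hardened one refuses the same read. */
    int leaked = read_mem_open(&lk, SITECODE_ADDR, SITECODE_LEN, buf) == 0;
    int refused = read_mem_hardened(&lk, SITECODE_ADDR, SITECODE_LEN, buf) != 0;
    return (leaked && refused) ? 0 : 1;
}
```

The hardened handler refuses reads of the secret region even from an authenticated session, so a compromised programming device cannot carry the sitecode away either.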


More information can be found on Cody's website: http://daeken.com/blackhat-paper
