Onity Door Lock Hack

At the black hat security conference yesterday a hacker named cody brocious a mozilla software developer demonstrated how someone could gain instant untraceable access to millions of hotel rooms protected by key card locks made by onity.

Onity door lock hack.

Inspired by the james bond type setup we saw on the spiderlabs blog post we thought we de try to build a small simple and tsa friendly version of the onity key unlocker. Every single onity key card lock has a dc power socket on the base. It reinforced the warning sound by cody brocious when he presented the exploitat. Mozilla software developer cody brocious recently discovered two.

That hack used an arduino compatible chip inside of a dry erase markeras an end run around the lock s electronics. We hope to reveal unique insight into the way the onity ht system works and detail various vulnerabilities therein. Six years ago by contrast a security researcher published the code necessary to exploit a glaring vulnerability in widely used onity keycard locks on the web. Approximately ten million onity ht locks are installed in hotels worldwide.

A black hat hacker has unveiled a method that allows a fairly simple hardware gadget to unlock door locks manufactured by onity. The device he holds in his hand is an arduino connected to the outside portion of the door lock. How the onity lock system is designed. Connecting a 9v battery with the wrong polarity to an arduino mini pro will make pretty sparks.

This accounts for over half of all the installed hotel locks and can be found in approximately a third of all hotels. It takes approximately 200 milliseconds from the time an attacker plugs the device in until the.