Black Hat Hacker Gains Access to 4 Million Hotel Rooms With Arduino Microcontroller

Sebastian Anthony, writing for ExtremeTech:

I wish I could say that Brocious spent months on this hack, painstakingly reverse-engineering the Onity lock protocol, but the truth is far more depressing. “With how stupidly simple this is, it wouldn’t surprise me if a thousand other people have found this same vulnerability and sold it to other governments,” says Brocious, in an interview with Forbes. “An intern at the NSA could find this in five minutes.”

Update: I got a nice email from Cody Brocious, the security researcher who discovered this. He wrote:

One thing I’d really like to clarify (which ExtremeTech still hasn’t) is that it did take me months. In fact, the work I released is the product of 3 years of reversing the entire system. The simplicity of the result really hides the work that was done to reach this point.

That said, thanks for covering this; anything that gets the word out about the (lack of) security here is a Good Thing (TM).

Thursday, 2 August 2012