'Hocus Pocus 2' Review Wi-Fi 6 Router With Built-In VPN Sleep Trackers Capital One Claim Deadline Watch Tesla AI Day Student Loan Forgiveness Best Meal Delivery Services Vitamins for Flu Season
Want CNET to notify you of price drops and the latest stories?
No, thank you

Hotel cardkey locks said to be vulnerable to bypass hack

Locks used in more than 4 million hotel rooms can be defeated with some inexpensive hardware and some software, a security researcher demonstrates for Forbes.

You may not be as safe in your locked hotel room as you think.

Keycard door locks from Onity -- used in more than 4 million hotel rooms around the world -- are susceptible to vulnerabilities that could lead to a security bypass, according to Cody Brocious, a 24-year-old Mozilla developer and security researcher. Brocious, who is expected to present his findings at the Black Hat security conference tomorrow, showed Forbes how he is able to open hotel doors with a gadget he built with materials costing less than $50.

Brocious' device spoofs a portable programming device used to control door locks, Forbes explains. In a demonstration, Brocious shows how a plug inserted into a DC port on the underside of the lock could spring the hotel door lock.

"I plug it in, power it up, and the lock opens," he said.

However, the technique did not always work on locks installed on real hotel room doors. In fact, it only worked once and only after Brocious reprogrammed the device -- an unreliability he attributed to timing issues with how the device communicates with the lock.

The vulnerability occurs because the exposed port allows any device to read the lock's memory, where a string of data is stored that will trigger its "open" mechanism. He also said that his former employer reverse-engineered Onity's front desk system and sold it to a locksmith training company last year for $20,000.

"With how stupidly simple this is, it wouldn't surprise me if a thousand other people have found this same vulnerability and sold it to other governments," Brocious said. "An intern at the NSA could find this in five minutes."