Burglar Suspected Of Using Arduino-Onity Hack To Rob Hotel Rooms

Can anyone argue against this being the least-secure hotel room lock on the market? Regular readers will recognize it as an Onity key card lock. A few months back a glaring flaw in the security was exposed that allows these locks to be opened electronically in less than a second. So we are not surprised to hear that a series of hotel room robberies in Houston is suspected to have been performed using this technique.

The image above is from a demonstration video we saw back in October. That hack used an Arduino-compatible chip inside of a dry erase marker as an end-run around the lock’s electronics. It reinforced the warning sounded by [Cody Brocious] when he presented the exploit at this year’s Blackhat conference. The barrel jack on the outside of the door lock doubles as a 1-wire communications port and that is how an attacker can gain access. Investigators can find no other means of entry for these thefts.

We applaud one of the victims in this story. At the end of the article she is asked if the information about the Onity flaw should have been kept secret. She said that if there’s a vulnerability that’s not being fixed people have a right to know about it. Bravo [Janet Wolf]!

[Thanks Andrew]

Electromagnetic Field Camp

Electromagnetic Field Camp is a three-day camping festival for people with an inquisitive mind or an interest in making things: hackers, geeks, scientists, engineers, artists, and crafters.

There will be people talking about everything from genetic modification to electronics, blacksmithing to high-energy physics, reverse engineering to lock picking, crocheting to carpentry, and quadcopters to beer brewing. If you want to talk, there’ll be space for you to do so, and plenty of people who will want to listen.

EMF is a volunteer effort by a non-profit group, inspired by European and US hacker camps like CCC, HAR, and toorcamp. This year, from Friday 31st August to Sunday 2nd September 2012, it will hold the first UK meeting of its kind.

Events and activities will run throughout the day and into the evening; everything else (chats, debates, impromptu circus performances, orbital laser launches) will run as long as your collective energy lasts.

The event is to be held at Pineham Park, Milton Keynes, UK.

As a Hackaday viewer you can get discounted tickets.

[thanks Jonty]

Arduino, Resistor, And Barrel Plug Lay Waste To Millions Of Hotel Locks

The security flaws on this common hotel keycard lock are nothing short of face-palmingly stupid. Look closely at the picture above. This is a hotel room door swinging open. The device he holds in his hand is an Arduino connected to the OUTSIDE portion of the door lock. It takes approximately 200 milliseconds from the time an attacker plugs the device in, until the door can be opened. Yes, in less than 1/4 of one second an Arduino can open any of the millions of these locks in service.

The exploit in Onity programmable keycard locks was revealed by [Cody Brocious] at the Blackhat conference. Apparently the DC barrel jack on the outside of the lock serves as a one-wire protocol interface. Once communications are established a 32-bit sitecode can be read from any of the locks and immediately used to open the door. There is no authentication or encryption used to obfuscate this kind of attack. To make matters worse, you can even read out master key and skeleton key codes. These codes facilitate ‘magic’ keys used to open a variety of different doors through the system.

We’re no strangers to easy hotel break-ins. But how can a digital lock possibly be sold with this type of vulnerability present? Really!?

Here’s the white paper on the exploit as well as the slides from his talk (PDF).

[via Reddit]

Time To Get Serious About Going To LayerOne

This year’s LayerOne Hacking and Security Conference is right around the corner. But it’s not too late to attend. You can still get a block-rate hotel room if you register by the end of April, and registration for the two-day event only costs a hundred bucks. It’s scheduled for May 26th and 27th in Anaheim, California.

As usual, the speaker lineup is quite impressive. Everything from Android malware to embedded exploits and botnet adventures will be discussed. And then there are the perennial favorites: the lock picking and hardware hacking villages. Did we mention badges? We’d bet it was this pick-and-place machine which helped assemble this year’s pile of badges. We haven’t seen any word on what they might include, but there’s a hacking contest so plan to pack your tools.

Hackaday Links: August 29, 2010

Hotel room door lock picking

Here’s further proof that you should never leave anything of value in your hotel room. We’re not worried about someone getting in while the room is occupied. But these methods of defeating the chain lock and opening the door without a keycard (YouTube login required) do show how easy it is for the bad guys to steal your stuff.

iPhone frequency generator

Need one more way to make that iPhone a useful lab tool? Why not use it as a frequency generator. Start with a free app and mix in an audio cable with test leads and you’re in business.

Drag Soldering

[Andrei] sent us a link to a video about drag soldering. This is a method of soldering fine-pitch chips using a small bit of solder and a fat solder tip. The link he sent is dead now but we found another great example of the process. We were just using this method earlier in the week to solder a TSSOP38 package for an upcoming project and it worked like a charm.

Laser etched PCB

Here’s some art in PCB form thanks to a laser. We thought this might be interesting to share after seeing those art pieces made from old circuit boards. This example is laser etched, but not directly. As you probably guessed, the copper clad board is coated with resist and the laser etches some of it away. Whatever got zapped by the laser dissolves when the board is placed in acid, leaving [Riley Porter’s] art behind.

LockCon Coming Soon

The Open Organisation Of Lockpickers (TOOOL) is planning a new annual gathering for lockpickers. October 9-12th they will hold the first ever LockCon in Sneek, Netherlands. The event was spawned from the Dutch Open lockpicking championships, but they’ve decided to expand beyond just competition into a full conference. This year the conference is limited to just 100 lockpickers, technicians, manufacturers, hackers, and law enforcement members. They’ll compete in picking competitions, safe manipulation, and key impressioning.

On a related note: Organizer [Barry Wels] just became the first non-German to win an SSDeV competition with his key impressioning skills. We covered key impressioning when we saw his talk about high security keys at The Last Hope. He says it’s only been about two years’ worth of study and 500 keys to become a master. He managed to open the lock in 5:13, filing two whole keys during that time.

[photo: Rija 2.0]

Bump Key Experiments


[Barry] took one of his blog reader’s comments to heart and started wondering just what happens when you bump a lock. As suggested, he made a cutaway lock core and started experimenting. [Barry] doesn’t have a high speed camera, so he tried some alternatives like filling the chambers with grease to indicate pin movement. Master Lock put together a nice video demo of lock bumping (in order to sell their new bump stop gear).