Sadly, Hacking Into Hotel Rooms is Easier Than Ever

Once upon a time, hotel rooms came with real metal keys. Then those sturdy little metal tools were replaced by key cards.

They fit snugly in a wallet but seemed insecure. Hacking a lock triggered by a mere magnetic strip seemed easy.

And now that fear of hacking has come true. With $50 worth of hardware and a keen set of programming skills, pros and amateurs alike can hack into hotel keycard locks.

The keycard isn’t duplicated. Instead, the hotel room electronic key lock gets hacked. Hotels like Holiday Inn, Marriott and even the Waldorf Astoria, which all use key cards made by the lock company Onity, are especially vulnerable.

According to Mozilla software developer Cody Brocious, all it takes is a small, handheld electronic device that plugs into the DC power socket at the bottom of the hotel lock, which, in happier times, is used to charge the hotel lock and program it with the specific hotel’s site code (a 32-bit key).

The handheld device consists of an Arduino board, a battery, a DC plug, and some resistors. Once plugged in, Brocious’ Arduino microcontroller enables him to read the key from the lock’s stored memory. No muss. No fuss. Complete room access. Want to sleep well at your Comfort Inn? Here is a demonstration, for “entertainment purposes,” of how easy it is to hack one of these locks:

The plugged-in microcontroller reads back the 32-bit key and Brocious is in the hotel room in under a microsecond. Check out the full PDF of the presentation on hacking a hotel lock that Brocious gave at the Black Hat security conference in Las Vegas. Brocious isn’t exposing the vulnerabilities in the system to encourage hotel hacking. He wants the hotel chains to understand the problem and fix it.

A more low-tech way to get into a hotel room, prying open the flip-lock, needs nothing more than a very simple plastic Do Not Disturb sign:

So, you think this type of hack only happens on episodes of Mr. Robot? Think again. Aaron Cashatt is in prison for a meth-fueled hotel-robbing spree using Brocious’ hacking technique. Before he was caught, he hacked hotels from Arizona to Tennessee, amassing goods estimated close to a half million dollars.

So how can we protect ourselves and our valuables? Two words: hotel safes.