At this year’s Black Hat USA security conference, Cody Brocious, also known as Daeken, demonstrated how a vulnerability in Onity keycard locks – used by hotels worldwide for millions of room doors – could be leveraged to open a door. Now, the company promises to address the issue.
In his presentation, the researcher showed he could connect a homemade device to the lock’s portable programmer via an opening found on its underside, obtain the decryption key, access its firmware and command the door to open, all this in a very short amount of time.
In order to mitigate the attacks described by the researcher, Onity provides a couple of solutions. The first one would be to provide customers with a mechanical cap, along with a security TORX screw, to cover up the port which the expert used to connect his own device to the lock's portable programmer.
Brocious claims that this solution – which will be provided for free – is effective because it considerably increases the time that’s needed to hack the lock. However, he stresses that this may not work for locks from the ADVANCE series.
The second solution is more complex, but also somewhat more controversial: a firmware upgrade on both the locks from the ADVANCE and the HT series.
This measure involves the replacement of the entire control board and it will require customers to pay a nominal fee.
Furthermore, the researcher believes that in order to properly address the vulnerabilities – an arbitrary memory read and buggy cryptography for key cards – not only the circuit boards may need to be replaced, but also the encoder and the portable programmer.
Since the costs of the security upgrade will not be insignificant and will have to be handled by the hotels, the expert fears that many owners might choose not to implement the new systems, leaving their customers exposed.
Brocious also highlights the fact that the fixes proposed by the company should be accompanied by an audit performed by independent security professionals to avoid letting this issue persist, and new issues from emerging.