Monday, August 13, 2012

Hacking Hotels

Breaking into a hotel room with less than $50 in hardware
The technical security media has been all abuzz about a recent Black Hat presentation by Cody Brocious on hacking electronic hotel door locks.

The original author's documentation including the paper and slides are here.

Here's the simplified version:
  • The vendor of the locks has an overwhelming majority of the market in the U.S. (chances are you stayed in a room that had this exact lock on it)
  • The key cards use crypto for implementing the access control
  • The mathematical aspect of the crypto is more or less fine (as is usually the case)
  • The problem comes in managing keys (which is pretty much always the problem!)
  • An administrative feature is easily exploited-- which is only slightly better than vendors shipping products with widely-known default passwords.
  • An administrative maintenance device, when connected, can extract the crypto key and break the access control
  • You can roll-you-own maintenance device on the very, very cheap
  • Yes, this probably looks like a scene in any random Hollywood movie
  • This will likely be a majorly expensive pain to fix for the vendor and hotels
  • "Compensating controls" in this case include surveillance cameras, internal dead bolt manual locks, et al

No comments: