Breaking into a hotel room with less than $50 in hardware
The original author's documentation, including the paper and slides, is here.
Here's the simplified version:
- The vendor of the locks has an overwhelming majority of the market in the U.S. (chances are you stayed in a room that had this exact lock on it)
- The key cards use crypto for implementing the access control
- The mathematical aspect of the crypto is more or less fine (as is usually the case)
- The problem comes in managing keys (which is pretty much always the problem!)
- An administrative feature is easily exploited, which is only slightly better than vendors shipping products with widely known default passwords
- An administrative maintenance device, when connected, can extract the crypto key and break the access control
- You can roll your own maintenance device on the very, very cheap
- Yes, this probably looks like a scene in any random Hollywood movie
- This will likely be a majorly expensive pain to fix for the vendor and hotels
- "Compensating controls" in this case include surveillance cameras, internal manual deadbolt locks, and the like