Bedbugs aren’t the only thing to worry about when you’re traveling: The lock of your hotel room door may be vulnerable if you’re staying at one of the 22,000 hotels and in one of the four million hotel rooms affected by an apparent security flaw.
Hackers have reportedly developed a device masquerading as a dry erase marker that can open a hotel room door in the blink of an eye if the room is equipped with an Onity lock, a popular hotel room lock.
According to Forbes.com, Cody Brocious developed the hack which was then refined by Matthew Jakubowski:
“A trio of hackers have built a tool that appears to be an innocent dry erase marker, but when inserted into the port on the bottom of a common form of hotel room keycard lock triggers the lock’s open mechanism in a fraction of a second.
” … Through the port on the bottom of the lock intended for a device that hotels can use to set master keys, Brocious found he was able to read the lock’s memory, including a decryption key stored on the locks that gave him access to their opening mechanism.”
Jakubowski told Forbes that “I guess we wanted to show that this sort of attack can happen with a very small, concealable device. Someone using this could be searched and even then it wouldn’t be obvious that this isn’t just a pen.” Jakubowski and his colleagues made the dry erase marker hacking tool with $30 worth of parts.
In August, Onity apparently promised to fix the security flaw in its hotel locks but it’s not clear if the fix has been fully implemented. “When you see a pen doing this it ought to open customers eyes a little more,” Jakubowski explained to Forbes. “If you make customers more aware that this is out there, I hope that will put pressure on hotel lock makers to make sure their locks are secure.”
Watch a demonstration by Matthew Jakubowski of the dry erase marker hotel room lock hack: