Your hotel room keycard lock is vulnerable to hackers

By Andrew Couts Published August 2, 2012

Onity HT24 lock — Image used with permission by copyright holder

The next time you stay at a hotel with keycard locks on your room door — that is to say, nearly any hotel nowadays — beware: You may not be the only one who can get in. And we’re not talking about the cleaning staff.

This is the warning of 24-year-old Mozilla software developer and self-described hacker Cody Brocious, who recently showed Forbes’ Andy Greenberg just how vulnerable some 4 million of the keycard locks used in popular hotels are to hacker trickery.

Recommended Videos

Brocious, who will present his complete findings at the Black Hat security conference in Las Vegas on Thursday, found that keycard locks made by manufacturer Onity can sometimes be opened using a $50 homemade, open-source gadget that plugs into the DC port located at the bottom of the lock housing. Brocious’s hacking tool works because the DC power port allows access to the lock’s memory (the lock is controlled by a simple computer, after all), which contains a piece of code that tells the lock to open, explains Greenberg. Just plug in the device, and a few seconds later, “click,” and you’re in.

At least, that’s how it is supposed to work — in practice, it’s not that reliable. Greenberg says that of the three doors Brocious attempted to demonstrate the tool’s ability on, only one worked — after the second try.

Brocious discovered the vulnerability in Onity’s lock system by accident, he says, while working for a startup called Unified Platform Management Corporation (UPM), which was attempting to create a universal lock system for hotels. Brocious was tasked with reverse engineering Onity’s locks, and thus discovered the “open sesame” trick. UPM later sold the intellectual property to locksmith training school the Locksmith Institute for $20,000. In other words: The ability to open Onity locks is not new, nor is Brocious the only one who knows how to build the electronic lock pick device.

When Greenberg contacted Onity to ask about its locks’ vulnerability, the company said it had not heard of Brocious’s invention, and ” places the highest priority on the safety and security provided by its products and works every day to develop and supply the latest security technologies to the marketplace.”

Not exactly reassuring, to say the least. Perhaps now you’ll make good use of that deadbolt.

Topics

Emerging Tech

Former Digital Trends Contributor

Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…

Outdoors

Juiced Bikes offers 20% off on all e-bikes amid signs of bankruptcy

Juiced Bikes Scrambler ebike

A “20% off sitewide” banner on top of a company’s website should normally be cause for glee among customers. Except if you’re a fan of that company’s products and its executives remain silent amid mounting signs that said company might be on the brink of bankruptcy.That’s what’s happening with Juiced Bikes, the San Diego-based maker of e-bikes.According to numerous customer reports, Juiced Bikes has completely stopped responding to customer inquiries for some time, while its website is out of stock on all products. There are also numerous testimonies of layoffs at the company.Even more worrying signs are also piling up: The company’s assets, including its existing inventory of products, is appearing as listed for sale on an auction website used by companies that go out of business.In addition, a court case has been filed in New York against parent company Juiced Inc. and Juiced Bike founder Tora Harris, according to Trellis, a state trial court legal research platform.Founded in 2009 by Harris, a U.S. high-jump Olympian, Juiced Bikes was one of the early pioneers of the direct-to-consumer e-bike brands in the U.S. market.The company’s e-bikes developed a loyal fandom through the years. Last year, Digital Trends named the Juiced Bikes Scorpion X2 as the best moped-style e-bike for 2023, citing its versatility, rich feature set, and performance.The company has so far stayed silent amid all the reports. But should its bankruptcy be confirmed, it could legitimately be attributed to the post-pandemic whiplash experienced by the e-bike industry over the past few years. The Covid-19 pandemic had led to a huge spike in demand for e-bikes just as supply chains became heavily constrained. This led to a ramp-up of e-bike production to match the high demand. But when consumer demand dropped after the pandemic, e-bike makers were left with large stock surpluses.The good news is that the downturn phase might soon be over just as the industry is experiencing a wave of mergers and acquisitions, according to a report by Houlihan Lokey.This may mean that even if Juiced Bikes is indeed going under, the brand and its products might find a buyer and show up again on streets and trails.

Cars

Volkswagen plans 8 new affordable EVs by 2027, report says

volkswagen affordable evs 2027 id 2all

Back in the early 1970s, when soaring oil prices stifled consumer demand for gas-powered vehicles, Volkswagen took a bet on a battery system that would power its first-ever electric concept vehicle, the Elektro Bus.
Now that the German automaker is facing a huge slump in sales in Europe and China, it’s again turning to affordable electric vehicles to save the day.Volkswagen brand chief Thomas Schaefer told German media that the company plans to bring eight new affordable EVs to market by 2027."We have to produce our vehicles profitably and put them on the road at affordable prices," he is quoted as saying.
One of the models will be the ID.2all hatchback, the development of which is currently being expedited to 36 months from its previous 50-month schedule. Last year, VW unveiled the ID.2all concept, promising to give it a price tag of under 25,000 euros ($27,000) for its planned release in 2025.VW CEO Larry Blume has also hinted at a sub-$22,000 EV to be released after 2025.It’s unclear which models would reach U.S. shores. Last year, VW America said it planned to release an under-$35,000 EV in the U.S. by 2027.The price of batteries is one of the main hurdles to reduced EV’s production costs and lower sale prices. VW is developing its own unified battery cell in several European plants, as well as one plant in Ontario, Canada.But in order for would-be U.S. buyers to obtain the Inflation Reduction Act's $7,500 tax credit on the purchase of an EV, the vehicle and its components, including the battery, must be produced at least in part domestically.VW already has a plant in Chattanooga, Tennesse, and is planning a new plant in South Carolina. But it’s unclear whether its new unified battery cells would be built or assembled there.

Cars

Nissan launches charging network, gives Ariya access to Tesla SuperChargers

nissan charging ariya superchargers at station

Nissan just launched a charging network that gives owners of its EVs access to 90,000 charging stations on the Electrify America, Shell Recharge, ChargePoint and EVgo networks, all via the MyNissan app.It doesn’t stop there: Later this year, Nissan Ariya vehicles will be getting a North American Charging Standard (NACS) adapter, also known as the Tesla plug. And in 2025, Nissan will be offering electric vehicles (EVs) with a NACS port, giving access to Tesla’s SuperCharger network in the U.S. and Canada.Starting in November, Nissan EV drivers can use their MyNissan app to find charging stations, see charger availability in real time, and pay for charging with a payment method set up in the app.The Nissan Leaf, however, won’t have access to the functionality since the EV’s charging connector is not compatible. Leaf owners can still find charging stations through the NissanConnectEV and Services app.Meanwhile, the Nissan Ariya, and most EVs sold in the U.S., have a Combined Charging System Combo 1 (CCS1) port, which allows access to the Tesla SuperCharger network via an adapter.Nissan is joining the ever-growing list of automakers to adopt NACS. With adapters, EVs made by General Motors, Ford, Rivian, Honda and Volvo can already access the SuperCharger network. Kia, Hyundai, Toyota, BMW, Volkswagen, and Jaguar have also signed agreements to allow access in 2025.
Nissan has not revealed whether the adapter for the Ariya will be free or come at a cost. Some companies, such as Ford, Rivian and Kia, have provided adapters for free.
With its new Nissan Energy Charge Network and access to NACS, Nissan is pretty much covering all the bases for its EV drivers in need of charging up. ChargePoint has the largest EV charging network in the U.S., with over 38,500 stations and 70,000 charging ports at the end of July. Tesla's charging network is the second largest, though not all of its charging stations are part of the SuperCharger network.