Pages: [1]   Go Down
Author Topic: Arduino breaks hotel locks  (Read 1936 times)
0 Members and 1 Guest are viewing this topic.
0
Offline Offline
Full Member
***
Karma: 4
Posts: 218
Arduino rocks
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Nobody else has posted it . I suppose they all want to try it first
Hacker Uses Arduino to Gain Access to 4 Million Hotel Keys : arduino

Look back on Hack a day

http://www.extremetech.com/computing/133448-black-hat-hacker-gains-access-to-4-million-hotel-rooms-with-arduino-microcontroller
« Last Edit: July 26, 2012, 04:18:41 pm by april » Logged

Global Moderator
Offline Offline
Brattain Member
*****
Karma: 485
Posts: 18806
Lua rocks!
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

I'm a little uncertain whether we should let this thread stand. On the one hand, it seems to encourage breaking into hotel rooms. On the other hand, the information is already out there. And really, the doors sound stupidly insecure. Did the designers never think ahead to the day when someone might crack their system? Really easily?

There have been arguments in the past that if you discover a security weakness, that you should say nothing. But then the weakness is still there, and someone else may discover it, or indeed already be exploiting it. Maybe some good will come of this. Hotels might demand the doors be upgraded. Surely the firmware could at least be improved. Hotel guests and staff will be a little more suspicious if they see someone hanging around doors with an Arduino in their hand. And guests might think twice before leaving valuables in their room.
Logged


0
Offline Offline
Full Member
***
Karma: 4
Posts: 218
Arduino rocks
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

You need to read it a bit more thoroughly Nick.
There is no firmware
The post is certainly out there and very public see his blog and follow the URLs
Ten years they have known about it

His pdf gives much more - details of the encryption used , master card making ,copy keys and the portable programmer. The Arduino demo is but a small part.

Is the censors knife out already?
« Last Edit: July 27, 2012, 04:58:05 am by april » Logged

Global Moderator
Offline Offline
Brattain Member
*****
Karma: 485
Posts: 18806
Lua rocks!
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

I hadn't read the report at that stage. I was addressing the concern (raised by others) that your post may spur people to illegal activities.

Having read the report now, it doesn't seem to rule in or rule out that the lock hardware has firmware. Considering it uses a 1-wire communications system, stores property keys (presumably in EEPROM) and does crypto, it would be reasonable to assume it has some sort of microprocessor. Given that, presumably it could, with more or less difficulty, be reprogrammed to avoid this flaw.

I don't see that hotels that use this system are a heap worse off than ones that simply issue keys, because keys can be copied. I think a prudent hotel guest would not leave valuables lying around, and would also use the interior bolt when going to sleep.

But it is an interesting demonstration that a high-tech solution is not necessarily secure, and in addition, keeping all the details secret have simply hid how badly designed it is.
Logged


0
Offline Offline
Faraday Member
**
Karma: 24
Posts: 3487
20 LEDs are enough
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

IMHO almost all hotel locks are secure enough. The question is always: how easy is it to get into the room without key? (Think about fooling or bribing the maid, no high tech needed at all). The other side is: how expensive would more secure locks be? Especially with regard to maintenance? My conclusion is that the main reason for high tech locks is to make the "lost key scenario" cheaper.

Anyone who thinks that electronic locks are here to increase security is completely on the wrong track.
Logged

Check out my experiments http://blog.blinkenlight.net

Belgium
Offline Offline
Edison Member
*
Karma: 68
Posts: 1920
Arduino rocks; but with my plugin it can fly rocking the world ;-)
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

There are many "known security issues" in this world. if they are not used "to often" the issue is not fixed.
Best regards
Jantje
Logged

Do not PM me a question unless you are prepared to pay for consultancy.
Nederlandse sectie - http://arduino.cc/forum/index.php/board,77.0.html -

Global Moderator
Offline Offline
Brattain Member
*****
Karma: 485
Posts: 18806
Lua rocks!
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

... how easy is it to get into the room without key? (Think about fooling or bribing the maid, no high tech needed at all).

He's right. Many times I've returned to my room when it is being cleaned. I just walk past the maid, smile, sit down and read the newspaper. I never get challenged.

Of course if it was not my room the real guests might return any moment, that is a danger. But that also applies if you break in with some fancy key system.
Logged


Manchester (England England)
Offline Offline
Brattain Member
*****
Karma: 627
Posts: 34213
Solder is electric glue
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

A lock only ever stops an honest man. So the degree of "security" it offers is irelevant.
Logged

0
Offline Offline
Full Member
***
Karma: 4
Posts: 218
Arduino rocks
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

It  was never my intention to start a thread on lock breaking and security and I agree with the posters.

My  posting is due to  amazement at the uses of Arduino controllers in everyday life and the acceptance of electronic solutions in ever increasing situations .
A knowledge of micro controllers is now a much needed asset
Logged

Pages: [1]   Go Up
Jump to: