Hackers have created a device that fits inside a dry-erase pen that can be used to instantly open hundreds of thousands of hotel door locks worldwide. Security-conscious guests may wish to leave their valuables at home.
The pen builds on the work of security buff Cody Brocious, who publicized a flaw in lock-maker Onity's systems earlier this year. It relies on the fact that the locks have very little security on their memory systems, allowing any device that knows the Onity lock "language" (proprietary but not particularly difficult for a skilled hacker to figure out) to unlock it, among other things.
Brocious created a proof-of-concept device to show to security experts and press, but it was a bit crude. Matthew Jakubowski, also in computer security, felt that a smaller and more reliable device could be created. The result is a skeleton key for certain hotel locks that fits inside a dry-erase marker.
Jakubowski had originally hoped to fit it inside a regular pen, but the prototypes were a bit too large, and the marker is just as concealable. It's built with off-the-shelf components, and the necessary circuit diagrams and software are freely available.
The point was to show that a hardware hack like this doesn't have to be something conspicuous, like a laptop connected to a special card or connector. The marker contains the circuit board, microprocessor, card reader interface, and a battery — it's truly a James Bond-esque device, as Jakubowski proudly points out. The video he took shows that it works almost instantly.
Onity posted an announcement on its website about the vulnerability when it was first revealed, but has since replaced it with a phone number for affected hotels to call. Several hotel chains contacted by NBC News at the time did not return comment. We have also reached out to Onity for comment on the situation and will update the article if we hear back.
Devin Coldewey is a contributing writer for NBC News Digital. His personal website is coldewey.cc.
