#KEYCARD LOCK UPGRADE#
The upgrade will be made available after thorough testing to address any potential security concerns that you may have."Īccording to Onity's statement, the company is preparing two fixes. "However to alleviate any concerns, we are developing a firmware upgrade for the affected lock-type. "Onity understands the hacking methods to be unreliable, and complex to implement," according to the statement. In a statement released earlier this month, Onity told customers that it was working on fixes for the "alleged vulnerability" demonstrated by Brocious. And it's very possible that someone malicious may have used this in the past-it wouldn't surprise me in the least." "The only thing preventing people from finding this. "This isn't something complex the vulnerability itself is very, very simple," Brocious said in an interview at Black Hat. As a result, once someone such as Brocious reverse-engineered the underlying communications protocol, they could trick the keycard lock into opening itself, using a bit of programming and $40 in parts available via or Radio Shack.
The attack capitalized on two flaws involving Onity's hotel keycard locks: Their memory could be arbitrarily accessed by an attacker, and the related communications data wasn't encrypted. Last month, security engineer Cody Brocious demonstrated his attack against hotel locks made by Onity, which commands 50% of the hotel lock market, comprising somewhere between 4 million and 10 million locks. The demonstration of a real-world hardware security flaw in hotel room keycard locks at this year's Black Hat information security conference in Las Vegas saw guests literally reaching for their deadbolts. (click image for larger view and for slideshow) 11 Security Sights Seen Only At Black Hat
0 kommentar(er)
