The Onity lock is used by many hotels across the world to provide access for their guests. A hacker named Cody Brocious has shown how to open these locks without the use of a key card. This is a significant security flaw that could allow guests to have access to other rooms in the hotel. The hack works by exploiting the DC power port on the bottom of the Onity lock. The power port is used to change the code on the lock, but it also provides a way for hackers to bypass the code and unlock the door.
Mr Brocious, who works for a startup company that provides security technology to the hospitality industry, repurposed a portable programming device he built from an Arduino microcontroller and other components to trick the Onity lock into letting him in. He discovered that a plug placed into the DC port below the lock allows the user to control a circuit that reads the lock’s memory. This circuit is capable of determining which master keys open each door, and allows a user to gain entry by matching the lock’s memory with their own key.
When testing the system on a standard Onity lock, Mr Brocious was able to open the door in less than a second. However, in tests with three doors at three hotels in New York City, the system was not as successful. This suggests that the company is making some improvements to its products, which is encouraging.