Hotel key security flaw demonstrated at Black Hat conference


(CBS News) You can tell a Black Hat security conference is successful by how much fear the presentations instill afterward. This summer, one hacker will demonstrate how he can hack a hotel lock with just $50 worth of supplies.

Facebook's facial recognition system, why it's scary
Black hat hacker can remotely attack insulin pumps and kill people
New forensics tool can expose encrypted online activity

Mozilla software developer Cody Brocious will give a presentation Tuesday at the Black Hat USA 2012 conference, demonstrating how to open a hotel lock from the manufacturer Onity in a matter of seconds.

According to Forbes, Brocious built an open-source gadget with a plug that can be inserted into a DC power port of a hotel lock. The 24-year-old hacker's device worked on standard Onity locks that were ordered online, but when tested in hotel rooms in New York City, Brocious got mixed results. Of three hotel locks, Brocious was able to open just one.

Brocious was able to accomplish the hack by replicating a portable programming device that hotel staff members use to assign master keys to doors. His device is able read the string of data that is stored in a lock's memory.

"With how stupidly simple this is, it wouldn't surprise me if a thousand other people have found this same vulnerability and sold it to other governments," Brocious told Forbes. "An intern at the NSA could find this in five minutes."

But Brocious' findings are not foolproof. One of the theories on why the hack wasn't 100 percent successful on location is that the timing of the communication between his device and Onity's lock was not right.

Brocious will publish his findings on this website after the Black Hat demonstration, but he doesn't plan to continue his work, for fear that it could threaten the security of millions of hotel guests. Onity locks are installed in an estimated four to five million hotels worldwide.

The Black Hat USA 2012 conference is held in Las Vegas from July 21 to 26.