The demonstration of a real-world hardware security flaw in hotel room keycard locks at this year's Black Hat information security conference in Las Vegas saw guests literally reaching for their deadbolts.
Last month, security engineer Cody Brocious demonstrated his attack against hotel locks made by Onity, which commands 50% of the hotel lock market, comprising somewhere between 4 million and 10 million locks. The attack capitalized on two flaws involving Onity's hotel keycard locks: Their memory could be arbitrarily accessed by an attacker, and the related communications data wasn't encrypted. As a result, once someone such as Brocious reverse-engineered the underlying communications protocol, they could trick the keycard lock into opening itself, using a bit of programming and $40 in parts available via sparkfun.com or Radio Shack.

The link to this article at InformationWeek is no longer available.