Sometimes cybercrime seems abstract. For the luddites
(techno-muggles?) among us, the idea of stealing data doesn’t always come
across as frightening or immoral as the theft of physical property.
Unfortunately for Hyatt Houston guest Janet Wolf, a Dell IT
services consultant, cyber crime and physical crime came together in a perfect
storm when a criminal was able to exploit a vulnerability in her hotel room’s
electronic key card reader, allowing the thief to enter her room and steal her
laptop.
Initially, hotel management suspected the maid staff, but
after discovering that none of the maid’s keys had been used to open the door,
other culprits were investigated, eventually leading police to 27 year-old
Matthew Allen Cook who was caught after selling the stolen laptop to a local
pawnshop.
It turns out Cook used software and a device originally
developed by Mozilla developer and security researcher Cody Brocious who
detailed the key card hack at the Black Hat security conference. Brocious’
device, as he demonstrated, could be built for less than $50 and utilized the
DC port on the bottom of the door lock to access the locks memory where a data
string is stored that can trigger the door to open.
Fortunately, this is, so far, an isolated incident. But, White
Lodging, the franchise that manages the Houston Hyatt, said the vulnerable
locks made by a company called Onity are used on more than 4 million hotel room
doors worldwide.
So how do you patch a security flaw like this? As it turns
out, quite literally, with a patch. White Lodging said they put putty in the DC
ports of all of their hotel room locks to prevent further access.
Onity has also released a technical and mechanical solution
to their lock problem and is currently filling orders for the new systems.
No comments:
Post a Comment