By Anthony Berrios
Blog Post #14
This article, brought to you all by Wired, is an article about an infamous hotel hacker/thief by the name of Aaron Cashatt. It all started when Cashatt was able to exploit a software bug in one ultra-common model of hotel keycard lock to break into a hotel he was at. His success lead to him going on a mass theft spree, hacking and stealing form over 100 hotels across the country. Cashatt was able to successfully steal anything from T.V’s to the guests luggage from the room he broke into.
Police had little to no idea how these crimes were being done. At first they suspected maybe a maid stole form the hotels, but as the cases piled up they realized it was a serial act. “Everything’s gone, No prints, No forced entry,” recalls Tyler Watkins, a detective for the Tempe, Arizona, police department who tracked those first few cases. “It was like a ghost had slipped in and slipped out.”
The questions is, what was this flaw that Cashatt was able to take advantage of? Well a researcher by the name of Cody Brocious had discovered that a security vulnerability he’d found in key card locks that could unlock 10 million hotel rooms around the world. The faw was that each of the Onity locks had a port on its underside into which hotel staff could insert a device the company called a portable programmer. the device could read which keys had recently opened which doors or set which doors could be opened with which master keys. And since the portable programmers also functioned as master keys themselves, they were carefully guarded by hotel owners. Brocious decided to reverse engineer the Onity lock so that he could create a competing system. This company of his never took off but what Brocious realized is that the cryptographic key that triggered the unlock command on the Onity lock wasn’t stored in the portable programmer but the lock itself. This meant that the lock was vulnerable to easily being hacked.
This was an interesting story that I had come across because it incorporates physical hacking (lock picking) instead of your typical software and internet based hacking. I thought that this would be a nice change of pace topic that anyone reading can feel free to look into more from the link I’ve provided below.
PC Security & News 