At the Black Hat hacker conference in Las Vegas in 2012, a hacker prodigy and budding security researcher presented evidence that up to 10 million hotel key card locks could be unlocked with a rigged handheld device. The key card lock company, instead of fixing the problem, tried to ignore it, with rather costly results.
What’s worse, 5 years later, millions of these locks have still not been fixed, leaving a lot of unsuspecting travelers in for a shock.
In 2012, Cody Brocious, a then 24-year-old security researcher, found a rather serious flaw in the design of lock firm Onity’s key card locks, and the bug would affect an estimated 10 million hotel rooms around the world.
The flaw he found wasn’t very high-tech, nor did he have to break through firewalls or bypass encryption: every Onity lock has a port on its underside, into which hotel staff can insert a device called a “portable programmer” to see which keys had been used to go in and out, or even which doors’ locks could be opened with master keys.
A hacker can plug a device into that same port that manipulates the lock into opening itself, gaining access to millions of hotel rooms without any sign of forced entry.
As egregious as this sounds, and it is, in Onity’s defense, hacking was not nearly as big a concern when they were designing these locks. That said, one would hope a company takes security very seriously, especially when they make locks which are protecting our valuables.
Getting back to Cody Brocious: he started trying to hack Onity locks in the first place because a small start-up and potential competitor of Onity hired him to reverse engineer Onity’s locks in order to create a competing product. The start-up ultimately failed, but the work was not fruitless.
While he was attempting the reverse engineering, he stumbled upon something remarkable: the encrypted key used by Onity that triggers the unlock mechanism on all of their locks is stored on the locks themselves.
This is akin to Onity leaving spare keys under the welcome mats of 10,000,000 hotel rooms holding their guests’ possessions.
Armed with this important information, Brocious headed to the Black Hat conference to put on a live demonstration at Caesars Palace, where he successfully opened an Onity lock using a crude device he put together from $50 worth of parts.
After this successful demonstration, Cody posted the results and all the code required to duplicate it on his website, and this information slowly made the rounds with amateur hackers.
Now normally, when a vulnerability is discovered in something as crucial as locks on hotel doors, companies will move to fix it immediately, but only after it is brought to light and they’re forced to do so. There are not many companies out there willing to spend the money to test and refine their own security systems.
Onity was no different in that respect, but they did act differently than the others in another respect: instead of patching this massive security flaw once it was discovered, they basically tried to ignore it.
And they might have gotten away with it if it weren’t for one meddling kid. (A Scooby-Doo reference.)
Aaron Cashatt is not the hero of this story, however. His meddling included making a hand-held device, created with the help of Cody Brocious’ copious notes posted on his website, and robbing an estimated 100-plus hotel rooms without any sign of forced entry. (Cashatt hints that it’s more than that, however.)
He ended up going on an epic hack-a-thon for years, running from the police, and raiding hotel rooms wherever he went. It got so bad that a multi-agency operation called ‘Operation Hotel Ca$h’ was created with the sole purpose of tracking him down.
All the publicity surrounding this finally forced Onity to fix their locks, only they didn’t do a very comprehensive job, instead relying on a cheap fix: They installed plastic plugs to cover the ports at the bottom.
Although it requires a particular type of Torx screwdriver, the bottom panel can still be popped off, and with a little practice that takes a whopping 20 seconds. This again gives a hacker access to the port, and the unlocking mechanism is once again vulnerable.
Onity was asked about the possibility of a persistent lock vulnerability, and the company responded with, “mechanical solutions have been shipped to all known affected customers, enabling them to implement the security upgrade.”
But when Cashatt’s mother visited him in jail recently, he asked her which hotel she was staying at. When she answered, he gravely warned her, “Don’t leave anything in that room.”