Hack of the day

It looks like Cody Brocious, a malicious hacker managed to break the code from the door locks of most hotels which use card readers instead of plain metal keys for entering customers rooms.

Apart from the fact that I will think twice before leaving any luggage in such hotel rooms, this hack raises a couple of questions regarding the publicity around this hack.

Firstly, I went into the quite clear presentation of the flaw, that you can read too here (slides) or there (web page including code). Many web sites produced a loud echo to the original presentation, but most of them miss the interesting part of it. Most papers emphasis on the fact that a miserably cheap Arduino board suffice to break palace doors, while, very, very few papers go into the details of the whole hacking process.

In this case, Cody Brocious is clear about the fact that you need to trick the hotel personal in order to get a second smart card, after declaring that you have “lost” the first one. This takes us back to the fundamental of hacking, deciphering,  code breaking, what ever the more or less noble word for naming the action of getting into some place you are not supposed to be in. This reminds me of early attempts to get into GM/BOSH ECUs: once I have been made aware that the initialization of the communication protocol was one byte sent at 5 Hz, followed by frames sent at 8192 Hz, every thing went much better.

Many books that I read on this matter relate to the fact that most hackers benefited from a piece of luck, taking the form of notes written on a piece of paper thrown in the waste bin instead of the shredder or taking the form of a recurrent good/bad habit, like in the Enigma case (Remember, we are still in the Turing year!).  BTW, as Xmas time is approaching, you may take the time to read this book, which is a good starter “The Secret History of Codes and Code-breaking” written by Simon Singh.

Code Breaking is not as is easy as reading a memory: from the discovery of the changed bit after getting a new card to the opened door result, there is quite a long way. And he made it.

Since I am now aware, I will no longer travel without an Arduino board fitted with my exclusive, lethal, anti burglar shield, equipped with power lasers, toxic gas dispenser, electrical shocks generator, and more… Watch out Cody followers!


Leave a Reply

You must be logged in to post a comment.