It is not difficult to image that it is quite easy for hackers to hack a hotel room door, but it is surprising to discover that it is possible to do with a $6 tool.
Weston Hecker, a security researcher with Rapid7, has devised a cheap and small device that can be used to open guest rooms.
The device has the size of a card deck and can be used also to hack into point-of-sale systems and cash registers.
Last yeas the popular hacker Samy Kamkar, designed a tool dubbed MagSpoof, a cheap gadget (it goes for US$10) that can predict and store hundreds of American Express (AMEX) credit cards and use them for wireless transactions. The tiny gadget is a credit card/magstripe spoofer and can be used also at non-wireless payment terminals, it is composed of a micro-controller, motor-driver, wire, a resistor, switch, LED, and a battery.
Now, Weston Hecker started from the Kamkar’s MagSpoof and improved, the $6 tool, in fact, can read and duplicate keys directly. The tool is also able to launch a “brute force” attack against the door lock in order to guess every room’s key.
The attacker can use the tool to access information from hotel room key, including the encoded output of their folio number, the hotel room number, and also the checkout date.
The hacker could put the tool close to the card reader and run a brute force attack by trying every possible combination of the above information. The tool is very speedy, it is able to make 48 guesses at a key in just a minute.
“He would then know what data fields needed to be guessed for a key copy to be found.” wrote Thomas Fox-Brewster from Forbes.
“The hacker could then walk up to a hotel room, hold Hecker’s tool close to the card reader, and it would run through every possible combination of those details, before spewing out the encoded data (i.e. the key).”
The device is fast because compared with original Kamkar’s tool it uses a few more antennas that work in parallel like a load balancer.
“Think of it as load balancing,” Hecker explained to Forbes. “When one overheats, it moves over to the next one.”
The device could be used to hack PoS systems, once in their proximity it is able to inject keystrokes via the magstripe reader.
The F8 key could open the cash register on many PoS systems, but the tool could be exploited by attackers to force the PoS to visit a website hosting a malware that is able to infect the point-of-sales.
“Hecker started tinkering with hotel key brute force attacks in April, though his techniques were somewhat slower, taking as long as 20 minutes to guess a key. He did, however, discover during that research he could use a cheap Chinese MP3 player to inject credit card numbers into an ATM machine for potential theft.” reported Forbes.
Hecker will present his $6 tool at the DEF CON conference in Las Vegas this week.
(Security Affairs – $6 tool, hacking Point-of-Sale)