Does the word “pentester” ring any bells in your head? You’re probably thinking about people who test writing pens. That’s what I thought the first time, too. But, the word “pentester” actually stands for penetration tester, people who tests security vulnerability in access systems. But, a trio of pentesters have given the term a literal meaning.
In July, a Mozilla software developer hand hacker named Cody Brocious demonstrated the vulnerability of electronic locks in hotel rooms at the Black Hat security conference. He demonstrated how an electronic lock’s memory, including a decryption key, can be read and used to unlock doors without any key through a port located at the bottom of the lock. This hacking technique inspired other pentesters to develop a stealth device that would be able to unlock virtually every locked hotel doors without a key.
Matthew Jakubowski along with two fellow pentesters built a dry erase marker alike hotel door opener pen. The trio spent a total of $30, and took 8 hours to assemble the door opener pen.
With the help of Cody’s method, Jakubowski built an Arduino circuit first. Once, the circuit was working perfectly, he decided to build a prototype of tiny devices that would fit in the dry erase marker. Jakubowski and his two assistance used the following components to build their prototype.
- 1 ATMega328 (pre-loaded with the sketch)
- 1 5.6k resistor
- 1 30 ohm resistor
- 1 16Mhz Crystal
- 1 3.3v Zener diode
- 1 A23 12V Battery
- 1 SPST tall mini push button (momentary on)
- 1 DC (coaxial) barrel connector, 5mm outer diameter, 2.1mm inner diameter
- 1 Protoboard 1-3/4in. X 1-1/2in
The team also provided a diagram that will help others to create (if anyone wants to) their own electronic lock opener pen.
The completed circuit might look like this.
Jakubowski hopes after seeing this, electronic locks makers would work harder to make electronic locks more secure. Jakubowski said, “When you see a pen doing this it ought to open customers eyes a little more. If you make customers more aware that this is out there, I hope that will put pressure on hotel lock makers to make sure their locks are secure.”