In a turn of innovation fit for a spy novel, a hack that unlocks some 4 million hotel-room doors has gone undercover, hiding inside a dry-erase marker.
Ethical hackers at security firm Trustwave's penetration testing arm, SpiderLabs, said they'd improved on the proof-of-concept that Cody Brocious demonstrated this summer, whereby a cheap homemade device can trip certain Onity keycard locks simply by being inserted into a data port on the bottom of the casing and turned on.
On the SpiderLabs blog, Matthew Jakubowski laid out a parts list, diagram and photos to show readers how he was able to fit Brocious' design into the inconspicuous, everyday marker. He had originally hoped to get it into a smaller chassis, like a ballpoint pen, but limited resources meant he would have to upsize.
"We wanted to show that this sort of attack can happen with a very small, concealable device," Jakubowski told Forbes. He hopes the pen trick will be a wake-up call to hotels and their guests alike.
The 24-year-old Brocious originally demonstrated the trick at the Black Hat hacker conference in Las Vegas. The lock manufacturer initially rolled its eyes at the demonstration, calling the hack "unreliable and complex to implement."
Since then, though, Onity, whose locks are the last defense for millions of hotel guests around the world, has acknowledged the seriousness of the problem and made an updated chip that Onity customers can purchase and install in the affected locks. This approach, however, has come under fire from those who think Onity should eat the cost of its mistake instead of shifting any burden onto the hotels that use its locks.
"If such a case were to happen to a car," Brocious wrote on his blog, "customers would likely expect a complete recall at the expense of the manufacturer."
Brocious' original proof, which inspired many copycats, was a clunky, conspicuous device that would have drawn the suspicions of anyone wandering down a hotel hall. But now that it can be fit into something as benign as a marker, the quick hack could be performed with discreet ease.
SpiderLabs' researchers demonstrated how their magic door-unlocking marker works in a video.