“The flaw was obscure but simple: Each of the Onity locks had a port on its underside into which hotel staff could insert a device the company called a portable programmer. The device could read which keys had recently opened which doors or set which doors could be opened with which master keys. And since portable programmers also functioned as master keys themselves, they were carefully guarded by hotel owners.
Brocious, a round, bearded, long-haired and patchily bearded hacker prodigy, had been hired by a small startup to reverse engineer the Onity locks and create a competing system. The company never got off the ground. But Brocious found something unexpected. The unique cryptographic key that triggered the “unlock” command on any particular Onity lock was stored not on the hotel’s portable programmer but in the lock itself—the equivalent of millions of keys hidden under millions of welcome mats in hotels around the globe.
“
