Hacking hotel keycard locks, and the secret UN meeting that could change the Internet
Burglaries are popping up after a hacker showed off a vulnerability in keycard locks at hotels
The hotel room lock that uses a card may present a big problem: A simple hack that can make for an easy burglary. It requires a $50 dollar piece of hardware called a microcontroller plugged into the charger port on lock itself. A software engineer showed off how to do it at what's called the "Black Hat" hacking conference last summer. What is a black hat hacker? It's the more mischevious version of a white hat hacker.
"Black hat hackers hack primarily for destructive purposes, to cause dammage or to steal," says Sebastian Antony, senior editor of the website Extreme Tech who has been reporting this story. "A white hat hacker wouldn't do that."
Antony covered the original hacker's presentation last summer. Now, as night follows day, a hotel burglary involving the hack has popped up. Police have arrested a guy who allegedly hacked into a room to swipe a laptop. The locks are made by a company called Onity, which is offering, at a price to hotels, a lock for the lock. Hotel managers are also using a lower tech fix: Putting epoxy putty into the relevant holes.
The hacker who figured this out didn't alert the lock manufacturer, but he did reportedly license his technique to a locksmith training company for $20,000.
A United Nations outfit you probably never heard of is meeting next week in Dubai. But why does it matter to us? The 193 countries of the ITU, the International Telecommunications Union, could shape the future of Internet. Why should you care? How about the possibility of living in a world where the government decides who gets to connect to the Internet?
"Today a small business in Boston or Bangladesh can put a product online and it can attract customers from anywhere in the world," says M.I.T.'s Alan Davidson, who used to be the top lobbyist for Google, which opposes the UN regulating the net in this way. "You don't have to ask for permission from a government. You don't have to pay a foreign network provider so you can be seen. And that model of innovation without permission has been a lynchpin of the Internet that we know and love. And that's what many fear is at risk next week in Dubai."
The United States is apparently not pushing for drastic changes at this meeting. But other countries are -- Russia, China -- and these are countries that already work quite hard to regulate their Internet. Davidson says that's one of the main reasons people are concerned about the ITU getting involved. Countries that have been trying to censor the Internet seem to be the loudest voices at the table, and that's concerning Internet freedom advocates. One of the leaks that came out ahead of next week's meeting suggested that at least one of the countries at the bargaining table here was seeking universal identification of all Internet users. In other words, if you want to go online the government needed to know exactly who you are.
"That's why people are so concerned," says Davidson. "Imagine a world where you have to get permission before you are allowed on line. Imagine a world where there is a UN regulator that was a gatekeeper over whether content could be online or whether a service could be online. We are not there yet, but it's one of the reasons many people are wary of creating a new tool for those who would control the Internet."
What about the argument, though, that different countries have different values and they might want to apply them to how information is exchanged within their countries. Davidson says it's an issue of whether those interests could squash the web's promise.
"The question is how do we make sure there are ways for Internet users to solve these problems," he says, "without bringing in a regulatory approach that might really stifle the best things on the Internet."