The Anti-virus Times

A severe vulnerability was discovered in HID’s door controllers. Criminals can exploit it to remotely disable alarms and turn electronic locks. The problem is caused by a feature that enables administrators to change the LED blinking pattern. The blink program command is issued with an argument that determines how many times the LED should blink. Once the argument is received, it is inserted into the Linux command prompt and then the system is called to run the command.

The developers have not provided a validation routine that would filter out arguments that aren't numbers, so the system routine will execute anything. Attackers can insert other commands that will all be executed using administrator permissions.

https://xakep.ru/2016/04/01/hid/

A criminal entered a hotel room using a special device that exploits a vulnerability in Onity locks. Twenty-seven-year-old Matthew Allen Cook, who had a previous criminal record of burglary and theft, was charged with breaking and entering. The police found the man after he pawned a laptop stolen from the hotel.

http://www.securitylab.ru/news/432970.php

The lock system vulnerability was originally showcased at the Black Hat Security conference where Cody Brocious showed how a device costing less than $50 could be used to open any Onity door—according to Forbes, these doors are used in four million hotel rooms worldwide.

The vulnerability can be exploited using the lock's socket, which is used by hotel staff to charge its battery and program the lock with the specific hotel sitecode. This 32-bit key is used to identify the hotel. A hacker can plug a portable device into the socket and read the key from the memory. Then the device returns the key to the lock and the door opens.

http://ria.ru/technology/20120724/708218202.html#ixzz452agSpXI