Hotel door tech provider moves to crack down on lock hacker

August 27, 2012 By 2 Comments

An electronic hotel lock provider has issued a series of fixes to its technology after a cheeky developer used a major conference to demonstrate a hack to open doors.

Onity was forced to react after Mozilla software developer Cody Brocious used the Black Hat security conference to outline how he could open hotel doors a simple open-source device.

Brocious used a piece of technology costing around $50 which he adapted so that he could attach the device to the underside of an Onity hotel lock.

According to The Register, Brodious’s device was only able to work because of two parallel issues with Onity locks: “The ability to read memory locations on vulnerable electro-mechanical locks and flawed cryptography in the key cards system itself.”

After initially dismissing the hack as “unreliable”, Onity has now issued details to potentially nervous hoteliers for how to prevent the hack from hitting their own properties.

The fix comes in two forms:

A “mechanical cap” which can be inserted in the programmable plug of the existing Onity locks, effectively blocking the physical access.

The second options is likely to anger hoteliers (who have found themselves at the mercy of recent developments, both security-wise and now financially) involves replacing the control mechanism and firmware for both the HT and Advance series locks that Onity produces.

The company says:

“For locks that have upgradable control boards, there may be a nominal fee. Shipping, handling and labor costs to install these boards will be the responsibility of the property owner.”

Expect this to run and run.

NB: Electronic hotel door lock image via Shutterstock.

Related posts:

  1. Hotel security under question as hacker says electronic locks can be opened
  2. Hotel door opening technology moving to mobile devices
  3. Hacker-hot, data deep: How Gen Z code literacy could transform travel-tech
Filed Under: News Tagged With: , , ,
Kevin May About Kevin May

Kevin May is editor of Tnooz. He joined as a co-founder in August 2009 after spending nearly four years as editor of UK-based business publication Travolution.

Passionate about the business of travel and the internet, Kevin played a major role in establishing Travolution in print, online, events and with an annual awards programme, as well as becoming a regular speaker and moderator at industry events.

Prior to Travolution, Kevin was web editor at Media Week (UK) and also worked in regional newspapers for two years at the Essex Enquirer. He started his career in journalism at the Police Gazette at New Scotland Yard in London.

Comments

  1. Jane says:
    August 28, 2012 at 7:53 am

    Nice. The company’s code has a flaw that puts both hotel operators and their guests at risk, but hotels have to jimmy the locks or have to pay to upgrade the hardware to protect themselves.

    Onity competitors VingSafe and SafLok should be paying attention – might be a good time to find new customers!

    Reply
  2. Andrew Sanders says:
    October 4, 2012 at 5:15 pm

    This security breach affecting millions of hotel rooms has finally been addressed thanks to the power of smartphones –

    http://www.hospitalitynet.org/news/154000397/4057920.html

    White paper on the subject will be available soon via http://www.openways.com

    Reply

Speak Your Mind

*