Friday, November 30, 2012

Millions of hotel rooms can be unlocked with $50 hack

An alleged Houston thief apparently used an inexpensive electronic hack revealed at the Blackhat conference this summer to defeat room locks and steal from the guests at three hotels, reported the Houston Chronicle on Wednesday.

The company, Onity, has sold their locks to hotels worldwide, which are estimated to be used on 4 million hotel rooms globally. Since the hack was revealed, others have perfected the technique and even created James-Bond like concealable devices to perform the task.

The Chronicle reported that, "In a statement, Onity said ... [their] engineers developed mechanical and technical solutions - tested and validated by two independent security firms - to address the issue." But the hacker who discovered and publicized the security flaws says the company's response won't prevent his hack: "I cannot imagine a fix for both of these issues which does not consist of replacing not only the lock circuit boards, but that of the portable programmer and the encoder."

The company responded to the revelations by blaming the hacker as irresponsible, but Darlene Storm at Computer World rightly argues that "in the four months since the flawed keycard lock vulnerability went public, Onity still hasn’t stepped up to fully pay for the required new circuit board and installation. Onity did supply plugs for the DC ports and suggested changing the screws, but left their hotel customers to foot the bill for a more secure fix. This likely means it won't be fixed in all hotels. Therefore, it seems there should be no excuse to blame the hackers instead of the company."

While on the subject of hotel-room security, even the manual metal lock guests can use to secure the door from the inside can be easily defeated though low-tech methods. Be forewarned.

RELATED: Even more disturbing than shoddy hotel security, while Grits was looking into the issue of hacking hotel locks, I ran across this startling story about insecure locks on most major models of gun safes, some of which can be easily defeated by a three year old. Seriously. Read the article, watch the embedded videos, and then, if you're a gun owner, immediately go check your own gun safe to see if it's similarly vulnerable.


Anonymous said...

Thanks, Grits! Unreal.

Anonymous said...

Crime rates are down, right? With the criminals going straight and giving up on crime, our rooms should now be safe.

Gritsforbreakfast said...

9:06, I can't tell if your problem is you don't understand English or math. "Rate" means the frequency at which something happens. A lower rate means it happens less frequently, not never. And of course when security companies sell shoddy products that invite theft, those low rates can change.

Anonymous said...

Security companies sell shoddy products that invite theft.

It doesn't invite or tempt me to break into someone else's hotel room. How about the rest of you? What kind of people feel invited to break in somebody's room?

Gritsforbreakfast said...

Theft, 5:44, is as often as not a crime of opportunity. People buy locks to limit that opportunity, so if they're ineffectual, theft increases. The hotel occupant didn't "invite" anyone to steal, but Onity did when they marketed a shoddy product that failed to perform the task they billed it to do then refused to fix the problem once they knew about it.

dallasdemented said...

Will all of the hotels that now have those locks be sued, for failing to provide (truly) locking doors?