Millions of hotel rooms can be unlocked with $50 hack

An alleged Houston thief apparently used an inexpensive electronic hack revealed at the Blackhat conference this summer to defeat room locks and steal from the guests at three hotels, reported the Houston Chronicle on Wednesday.

The company, Onity, has sold their locks to hotels worldwide, which are estimated to be used on 4 million hotel rooms globally. Since the hack was revealed, others have perfected the technique and even created James-Bond like concealable devices to perform the task.

The Chronicle reported that, “In a statement, Onity said … [their] engineers developed mechanical and technical solutions – tested and validated by two independent security firms – to address the issue.” But the hacker who discovered and publicized the security flaws says the company’s response won’t prevent his hack: “I cannot imagine a fix for both of these issues which does not consist of replacing not only the lock circuit boards, but that of the portable programmer and the encoder.”

The company responded to the revelations by blaming the hacker as irresponsible, but Darlene Storm at Computer World rightly argues that “in the four months since the flawed keycard lock vulnerability went public, Onity still hasn’t stepped up to fully pay for the required new circuit board and installation. Onity did supply plugs for the DC ports and suggested changing the screws, but left their hotel customers to foot the bill for a more secure fix. This likely means it won’t be fixed in all hotels. Therefore, it seems there should be no excuse to blame the hackers instead of the company.”

While on the subject of hotel-room security, even the manual metal lock guests can use to secure the door from the inside can be easily defeated though more low-tech methods.

RELATED: Even more disturbing than shoddy hotel security, while Grits was looking into the issue of hacking hotel locks, I ran across this startling story about insecure locks on most major models of gun safes, some of which can be easily defeated by a three year old. Seriously. Read the article, watch the embedded videos, and then, if you’re a gun owner, immediately go check your own gun safe to see if it’s similarly vulnerable.

This entry was posted in Uncategorized. Bookmark the permalink.