Do you know how safe your hotel room is?
A vulnerability in the technology used for hotel doors appears to be compromising the security for as many as four million hotel rooms around the world. Would-be thieves looking to break into hotel rooms need no longer force their way in, but can now instead hack in through door locks that use key cards.
The flaw affects a number of locks made by the company Onity Security, a U.S. lock company that services over 200 hotel chains across the globe. The issue was first brought to light in July during a hacker conference when Cody Brocious, a software programmer, demonstrated how to open Onity locks with dead batteries, according to Forbes.
As noted by the Verge, Onity HT key card locks feature a power outlet used for re-programing. However, by using less than $50 in equipment, hackers can access the on-board memory that stores the code needed to open the lock. Hackers can then copy and distribute the code afterwards.
The same flaw is believed to be responsible for a series of burglaries in Texas hotels, including one that left Janet Wolf without a computer. Wolf, a 66-year-old IT programmer, was staying at the Hyatt in Houston’s Galleria district in September when someone hacked the lock of her hotel room and made off with her laptop. Local authorities have since arrested Matthew Allen Cook in connection to the theft, reports Venture Beat.
Police in Houston have yet to confirm whether Borcious' hacking techniques were used in the theft, but there are increasing reports of similar incidents happening in the States. Petra Risk Solutions, an insurance company, released a notice in the middle of October mentioning that "multiple rooms at several hotels" had been breeched using Brocious' method, according to the Verge.
Onity issued a release addressing the security flaw back in August, suggesting that plugging the ports and changing the types of screws used in instillation would curb further break-ins. However, that responsibility falls to hotels, many of which may opt to continue using the faulty locks as the cost to upgrade to more secure devices remains an obstacle, writes Gizmodo.