Huffpost Canada Travel ca

Onity Lock Security Flaw: Hackers Capitalize On Hotel Door Vulnerabilities

Posted: Updated:
ONITY KEYCARD SECURITY FLAW
A vulnerability in the tech used in hotel doors has compromised the security behind as many as four million hotel rooms around the world. (Alamy) | Alamy

Do you know how safe your hotel room is?

A vulnerability in the technology used for hotel doors appears to be compromising the security for as many as four million hotel rooms around the world. Would-be thieves looking to break into hotel rooms need no longer force their way in, but can now instead hack in through door locks that use key cards.

The flaw affects a number of locks made by the company Onity Security, a U.S. lock company that services over 200 hotel chains across the globe. The issue was first brought to light in July during a hacker conference when Cody Brocious, a software programmer, demonstrated how to open Onity locks with dead batteries, according to Forbes.

As noted by the Verge, Onity HT key card locks feature a power outlet used for re-programing. However, by using less than $50 in equipment, hackers can access the on-board memory that stores the code needed to open the lock. Hackers can then copy and distribute the code afterwards.

The same flaw is believed to be responsible for a series of burglaries in Texas hotels, including one that left Janet Wolf without a computer. Wolf, a 66-year-old IT programmer, was staying at the Hyatt in Houston’s Galleria district in September when someone hacked the lock of her hotel room and made off with her laptop. Local authorities have since arrested Matthew Allen Cook in connection to the theft, reports Venture Beat.

Police in Houston have yet to confirm whether Borcious' hacking techniques were used in the theft, but there are increasing reports of similar incidents happening in the States. Petra Risk Solutions, an insurance company, released a notice in the middle of October mentioning that "multiple rooms at several hotels" had been breeched using Brocious' method, according to the Verge.

Onity issued a release addressing the security flaw back in August, suggesting that plugging the ports and changing the types of screws used in instillation would curb further break-ins. However, that responsibility falls to hotels, many of which may opt to continue using the faulty locks as the cost to upgrade to more secure devices remains an obstacle, writes Gizmodo.

Also on HuffPost:

The Strangest Things Left Behind At Hotels
of
Share
Tweet
Advertisement
Share this
close
Current Slide

Suggest a correction

Around the Web

Black Hat hacker gains access to 4 million hotel rooms with Arduino ...

Hotel keycard system from Onity said to be vulnerable to hacking ...

Hacker Will Expose Potential Security Flaw In Four Million Hotel ...

Hotel keycard firm issues fixes after Black Hat hacker breaks locks ...

Black Hat: Hotel keycard lock picking in less time than it takes to blink

Hotel Lock Firm's Security Fix Requires Hardware Changes ... - Forbes

BBC News - Hotel key cards open to hacking, developer says

Vulnerable keycard locks linked to Texas hotel room burglaries

Breakfast Briefing: Windows Phone 8 update, scary hotel security hack, inside ...