Slashdot Mirror

← Back to Stories (view on slashdot.org)

After Hacker Exposes Hotel Lock Insecurity, Lock Firm Asks Hotels To Pay For Fix

Posted by Soulskill on from the we-are-so-sorry-give-us-money dept.

Sparrowvsrevolution writes "In an update to an earlier story on Slashdot, hotel lock company Onity is now offering a hardware fix for the millions of hotel keycard locks that hacker Cody Brocious demonstrated at Black Hat were vulnerable to being opened by a sub-$50 Arduino device. Unfortunately, Onity wants the hotels who already bought the company's insecure product to pay for the fix. Onity is actually offering two different mitigations: The first is a plug that blocks the port that Brocious used to gain access to the locks' data, as well as more-obscure Torx screws to prevent intruders from opening the lock's case and removing the plug. That band-aid style fix is free. A second, more rigorous fix requires changing the locks' circuit boards manually. In that case, Onity is offering 'special pricing programs' for the new circuit boards customers need to secure their doors, and requiring them to also pay the shipping and labor costs."

11 of 244 comments (clear)

  1. You know what else can open a lock? A crowbar. by Rogerborg · · Score: 5, Insightful

    Any hack that requires physical disassembly of the lock is just ePeen waving.

    Given the choice between a $50 bit of magic juju that might work after 5 minutes of fiddling, and a $20 jimmy that will work 100% of the time in 10 seconds, I know which option 99% of "going equipped" criminals are going to go for.

    So, no, I'm not blaming the lock manufacturer here. No security is absolute, it's a question of what's reasonable.

    --
    If you were blocking sigs, you wouldn't have to read this.
    1. Re:You know what else can open a lock? A crowbar. by Anonymous Coward · · Score: 5, Informative

      RTFA. No need to disassemble the lock - all you do is plug in a small gadget into a nokia-charger-style plug at the bottom of the lock and volià - open door.

    2. Re:You know what else can open a lock? A crowbar. by ArsenneLupin · · Score: 5, Insightful

      RTFA. No need to disassemble the lock - all you do is plug in a small gadget into a nokia-charger-style plug at the bottom of the lock and volià - open door.

      Not after the "free" workaround (cap that covers connector, and requires lock disassembly to remove) is applied.

      And I guess, if you already have disassembled the lock, you won't need the gadget to open it: a short applied directly at the actuator would do the trick too.

      So, the "bandaid-style workaround" (cap) might actually make more sense than the improved circuit board (which may only protect against the current intrusion software, but not against enhancend versions that take into account the new memory layoyt).

    3. Re:You know what else can open a lock? A crowbar. by dead_user · · Score: 5, Interesting

      I can attest that hotel room doors are pretty crowbar-resistant. During Katrina I was "essential personnel" and was "evacuated" to the hotel near City Hall so I could be at the ready once the storm passed. About $70k worth of equipment came with me to the hotel room to get it more protected. (Backup servers and their ilk.) The next evening when the national guard guys took us back to our rooms to get our stuff, there were three giant gouges in my door. But the door held. I was both impressed and disgusted. These people also beat up the hotel staff because they were upset that the hotel generators didn't also run the A/C's. Eventually, the hotel was abandoned and left to them. It was just too dangerous to the staff to stay. By the second night, they had defaced much of the hotel with spray painted signs declaring the hotel the "New 4th Ward", a project (slum) from New Orleans. Granted, their homes were flooded, but so was mine. So sad.

  2. The cheap one is worthless by gweihir · · Score: 5, Informative

    "Secure" screws are anything but. You can either print them (wax, photograph) and make matching bits pretty easily. You can even automatize this. Or you can force them with some pre-made approximations. (Yes, that may mean carrying around 50 possibles, and/or a file, but it is not hard.) There are other techniques as well, for example removal tools for broken screws or ice-spray and a hammer. Sawing a slit into the screw-head is also typically pretty easy.

    Yes, I have done it a few times. Not for these locks, but I would be surprised if they were any different.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:The cheap one is worthless by adolf · · Score: 5, Informative

      I had to defeat some stainless steel T10 Security Torx screws in the process of doing my job, recently, as I was moving old hardware from one place to another.

      Normally, I carry a large assortment of cheap "security" driver bits with me, but alas they were not with me at the time (indeed, they were 40 miles away).

      Solution: I used a regular-old Klein T10 driver. I smashed it into the head of the screw a few times with the palm of my hand (no hammer needed), and the protruding post neatly bent over and squished itself into the valley of the Torx socket. This left plenty of surface area to neatly grab the fastener in the conventional way (with the same, and now proper driver), and remove it.

      I was fairly amused that this worked the first time. And then I repeated it 7 more times for the other screws with similar success. (The Klein screwdriver was unfazed.)

      (For the uninitiated: Torx screws intentionally require very little engagement depth to properly mate a driver to the fastener, by design. It is perhaps the singular thing they're very good at, and also the one thing that allowed them to be so easily circumvented in this case of them being modified for "security.")

      --
      Kid-proof tablet..
  3. Double standard by Anonymous Coward · · Score: 5, Insightful

    Hmmm, we take umbrage that a company charges for a hardware upgrade to a flawed physical device, but we have gotten used to having to pay for software upgrades to get our bugs fixed. It is the second of these that is the real scandal.

  4. They should act like Kryptonite. by Anonymous Coward · · Score: 5, Insightful

    Many slashdotters and/or cyclists remember the whole Kryptonite debacle where their locks could be opened with a Bic pen. Kryptonite offered free replacements, with free shipping, without requiring the receipt. They ate a huge cost but saved their company's reputation. People still buy their locks.

    This company is making its customers pay for their poor design. They are done.

  5. Sweet. by Impy+the+Impiuos+Imp · · Score: 5, Funny

    > "as well as more-obscure Torx screws to prevent intruders from
    > opening the lock's case and removing the plug"

    Because nobody capable and determined enough to rig up the electronic interface for $50 can handle the mental and financial stresses of a $10 Torx set from the hardware store.

    "Well, we got the device. Open it up."

    "Whoa! What kind of screws are these?"

    "Lemme look -- MY GOD, IT'S FULL OF STARS!"

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  6. Hotel In room "safe" by trout007 · · Score: 5, Informative

    I was staying in Marriott and they have a small in room safe. Its the kind with a digital keypad where you select your own code. I put stuff in there while we went to the pool.

    When we got back I guess one of the kids was playing with it and it stopped responding because they pressed too many buttons. So I looked it up online. All I had to do was press "lock" twice to enter supervisor mode then 999999 and it opened the safe bypassing my code.

    So don't use those safes for anything real valuable. Next time I have to play around with supervisor mode to see if I can change that password.

    --
    I love Jesus, except for his foreign policy.
  7. Now that's what I call... by srussia · · Score: 5, Funny

    All I had to do was press "lock" twice to enter supervisor mode then 999999 and it opened the safe bypassing my code.

    "six-nines" availability!

    --
    Set your phasers on "funky"!