Slashdot Mirror


Hotel Keycard Lock Hack Gets Real In Texas

Sparrowvsrevolution writes "You may remember a vulnerability in four million keycard locks presented at the Black Hat conference in July. Hacker Cody Brocious showed he could insert a device he built for less than $50 into the port at the bottom of the common hotel lock, read a key out of its memory, and open it in seconds. Two months later, it turns out at least one burglar was already making use of that technique to rob a series of hotel rooms in Texas. The Hyatt House Galleria in Houston has revealed that in at least three September cases of theft from its rooms, the thief used that Onity vulnerability to effortlessly open rooms and steal valuables like laptops. Petra Risk Solutions, an insurance firm focused on the hospitality industry, also reports that at least two other hotels in Texas were hit with the attack. Onity has been criticized for its less-than-stellar response to a glaring vulnerability in its devices. The Hyatt says Onity didn't provide a fix until after its break-ins, forcing the hotel to plug its locks' ports with epoxy. And even now, Onity is asking its hotel customers to pay for the full fix, which involves replacing the locks' circuit boards."

8 of 132 comments

  1. And a normal locksmith will also charge by Gr33nJ3ll0 · Score: 3, Insightful

    Normal key locks are vulnerable to various cheap lock picks as well, and, shock of shocks, a locksmith will charge you to upgrade those locks as well. So.... where's the story? I don't see anything on slashdot about normal burglars breaking into houses with zipguns and the like, why is THIS news?

    1. Re:And a normal locksmith will also charge by PlusFiveTroll · Score: 3, Insightful

      It depends on how the locks are sold. If they cost 10x as much as a regular lock and are advertised to protect against this kind of attack, then yes, the lock-selling company might have an issue. If I sell you a zipgun-proof lock and it's not, it becomes an issue of product misrepresentation.

      Also, up till recently, most people thought of these lock devices as secure, or at least the level of attack that would have to occur would be difficult and rare. Now it's less noticeable to hack these locks than a regular door.

  2. Re:Took them two months?! by rsmith84 · Score: 4, Insightful

    You have to let the chatter about the exploit die down enough so that you can pull the heist off with better success. Going out and attempting it immediately after Black Hat is too risky and the sign of a foolish thief.

  3. Re:Sure I will pay.... by Applekid · Score: 5, Insightful

    If I were one of Onity's competitors, I would be fast-tracking a replacement system that uses the existing housings at least. Their lunch is right there, on the table, practically begging to get eaten.

    --
    More Twoson than Cupertino
  4. Re:Sure I will pay.... by plover · Score: 3, Insightful

    The replacement boards slide right into the existing locks, which the competitors' product will not do.

    Yet.

    There seems to be a market opportunity here for a vendor who can provide a trustworthy replacement board at a reasonable price. Of course, that means replacing the programming station as well, but it would get a hotel to a potentially better engineered solution, especially if the system was Open Source and scrutinized by the public eye for vulnerabilities.

    --
    John
  5. Re:Took them two months?! by Rob the Bold · Score: 4, Insightful

    Surprised it took thieves two months before starting to use this exploit. Even more surprising that the summary says "already".

    Maybe it's only after the exploit was revealed that anyone thought to suspect this was the way some hotel burglaries were happening. We don't necessarily know that Brocious was the first to discover the attack mode -- only that he was the first to publicize it.

    --
    I am not a crackpot.
  6. Re:Sure I will pay.... by Anonymous Coward · Score: 2, Insightful

    > ... voided support contracts...

    Does this still scare anyone?

  7. Re:Even though this is the Hyatt... by Richy_T · Score: 3, Insightful

    Dunno? Deep seated prejudice and intolerance?