Slashdot Mirror


Hotel Keycard Lock Hack Gets Real In Texas

Sparrowvsrevolution writes "You may remember a vulnerability in four million keycard locks presented at the Black Hat conference in July. Hacker Cody Brocious showed he could insert a device he built for less than $50 into the port at the bottom of the common hotel lock, read a key out of its memory, and open it in seconds. Two months later, it turns out at least one burglar was already making use of that technique to rob a series of hotel rooms in Texas. The Hyatt House Galleria in Houston has revealed that in at least three September cases of theft from its rooms, the thief used that Onity vulnerability to effortlessly open rooms and steal valuables like laptops. Petra Risk Solutions, an insurance firm focused on the hospitality industry, also reports that at least two other hotels in Texas were hit with the attack. Onity has been criticized for its less-than-stellar response to a glaring vulnerability in its devices. The Hyatt says Onity didn't provide a fix until after its break-ins, forcing the hotel to plug its locks' ports with epoxy. And even now, Onity is asking its hotel customers to pay for the full fix, which involves replacing the locks' circuit boards."

16 of 132 comments

  1. Sure I will pay.... by Anonymous Coward · · Score: 5, Funny

    ....for a broken product you gave me......who are your competitors?

    1. Re:Sure I will pay.... by Applekid · · Score: 5, Insightful

      If I were one of Onity's competitors, I would be fast-tracking a replacement system that uses the existing housings at least. Their lunch is right there, on the table, practically begging to get eaten.

      --
      More Twoson than Cupertino
    2. Re:Sure I will pay.... by Vellmont · · Score: 4, Informative

      You assume hotels think that security is some sort of top priority. It's not. You think that there aren't hundreds of people that could open your hotel room?

      If push comes to shove, I guarantee you the preferred solution for 99% of hotels will be simply securing the physical port, and not monkeying around with circuit boards or replacing the whole system entirely. It's just too expensive for too little benefit. Hotel rooms aren't meant to be Fort Knox.

      --
      AccountKiller
  2. A Fix? They're On It, Sort Of by guttentag · · Score: 5, Funny

    Chocolatey = Chocolate, Sort of...
    Onity = On It, Sort of...

  3. Re:And a normal locksmith will also charge by dav1dc · · Score: 5, Informative

    I believe its geek appeal is derived from the fact that a software hack was utilized to break the locks, rather than a physical set of lock picks.

    There is also a sub-text about the social responsibility and obligation that manufacturers have to patch security holes found in their devices in a timely manner, I suspect, as well.

  4. Well handled by slashmydots · · Score: 4, Funny

    The Hyatt says Onity didn't provide a fix until after its break-ins, forcing the hotel to plug its locks' ports with epoxy

    Well, at least they issued a patch.

  5. Took them two months?! by wvmarle · · Score: 4, Interesting

    Surprised it took thieves two months before starting to use this exploit. Even more surprising that the summary says "already".

    The exploit was very well documented, and rather simple to copy. It took mere days for YouTube videos showing off the same hack to appear.

    It is more likely that other hotels were hit with the issue already, but didn't disclose it to the public for fear of attracting more thieves to their hotels, and/or for the bad publicity and the risk of guests staying away from their insecure rooms.

    1. Re:Took them two months?! by rsmith84 · · Score: 4, Insightful

      You have to let the chatter about the exploit die down enough so that you can pull the heist off with better success. Going out and attempting it immediately after Black Hat is too risky and the sign of a foolish thief.

    2. Re:Took them two months?! by Rob the Bold · · Score: 4, Insightful

      Surprised it took thieves two months before starting to use this exploit. Even more surprising that the summary says "already".

      Maybe it's only after the exploit was revealed that anyone thought to suspect this was the way some hotel burglaries were happening. We don't necessarily know that Brocious was the first to discover the attack mode -- only that he was the first to publicize it.

      --
      I am not a crackpot.
  6. Re:And a normal locksmith will also charge by Anonymous Coward · · Score: 4, Informative

    Lock picks take time

    Google 'bump key'. They can open a lot of rotary yale-type locks in under 5 seconds.

    https://www.youtube.com/watch?v=hr23tpWX8lM (skip to 1:00)

    Needless to say I never leave the house without locking a deadbolt too.

  7. Onity provides a fix .... for a fee. by 140Mandak262Jamuna · · Score: 5, Informative

    Onity has announced a two-step solution. The first one is making it difficult to access the port. There is a cover at the bottom, it looks like, and they are strengthening it. Maybe metal instead of plastic. And adding a *security* torx screw too. Yeah, maybe they will also make it need pentalobulous head like Apple iPads. But all it will do is slow down, but not stop, the intruder. This part is free.

    They are also providing a software solution. Even when the locks are programmable and upgradable, flashing the new firmware is available for a "nominal" fee. And if your lock does not have upgradable firmware? Well, you need to call in and ask for the price. I think the current pricing is one arm and one leg per upgrade.

    http://www.securityinfowatch.com/news/10766203/onity-provides-lock-upgrades-following-hack

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  8. Re:Not "rob", burglarize by clickclickdrone · · Score: 4, Informative

    Or just plain 'burgle' if you're English.

    --
    I want a list of atrocities done in your name - Recoil
  9. Re:And a normal locksmith will also charge by wvmarle · · Score: 4, Interesting

    Cards have a built-in expiry date; usually the date you're supposed to leave the hotel. When extending your stay, they will update your card. So while you may be able to copy them, it's not exactly useful.

  10. Re:Not "rob", burglarize by Phreakiture · · Score: 4, Funny

    I bet you feel so embiggened for pointing out this incromulence.

    --
    www.wavefront-av.com
  11. Re:Not "rob", burglarize by History's Coming To · · Score: 4, Informative

    To burgle. He burgled. They will burgle. I was burgled. I suffered a burglary. etc

    --
    Please consider this account deleted, I just can't be bothered with the spam anymore.
  12. Hotel in room safes are not much better by trout007 · · Score: 4, Interesting

    I was in a hotel with an in room safe. My kid closed the door and managed to lock it so I called maintenance. The guy came up and hit the # key twice to enter supervisor mode then keyed in 6 9's. Here is a video I shot after he left. I'm pretty sure they don't have an override maintenance code for each room. You could try a few standard combos on your room to figure it out for the hotel. Or just get maintenance up to your room to show you it.

    https://www.youtube.com/watch?v=UYjJuE7l7VM

    --
    I love Jesus, except for his foreign policy.