Crooks Leverage Flaw in Keycard Locks to Break Into Hotel Rooms

The vulnerability on Onity locks has been exploited in numerous cases

By on November 27th, 2012 08:49 GMT

Back in July, software developer Cody Brocious demonstrated that he could open hotel room doors by utilizing a cleverly designed electronic device. His attack method leveraged a flaw found in Onity locks utilized by hotels worldwide.

After Brocious’ presentation at the Black Hat conference, a number of researchers refined the high-tech lock picking tool and even managed to shrink it down to fit inside an iPhone case.

It appears that not everyone leveraged the flaw for research purposes. Several reported break-ins are believed to have been carried out with the use of such lock-hacking tools.

When the news broke out, Onity came forward proposing a number of fixes for the problem, including the use of a plug that would prevent a potential attacker from connecting to the lock’s portable programmer port.

However, considering the large number of hotels that rely on these locks, it’s not an easy task to address the issue.

According to Forbes, in one particular incident that occurred back in September, someone broke into the hotel room of Janet Wolf, a 66-year-old Dell IT services consultant, and stole her laptop.

After investigating the incident, representatives of the Hyatt in Houston’s Galleria determined that none of the maids’ keys had been utilized to open the door.

In October, police arrested 27-year-old Matthew Allen Cook on suspicion of being responsible not only for this particular robbery, but also several others carried out around the same period.

While police have failed to point out what technique the suspect used to break into the hotel rooms, representatives of White Lodging – the franchisee that manages the Houston Hyatt – believe that the burglar used a device similar to the one presented by Brocious.

Following these incidents, White Lodging has blocked the port on the door locks by using epoxy putty, a solution similar to the one suggested by Onity representatives back in July. They’re currently working with Onity on implementing a more permanent solution.

However, a more permanent fix involves the changing of the circuit board, a solution whose costs must be covered by customers.

Comments