After Cody Brocious’ demonstration at the Black Hat security conference in Las Vegas, a number of experts started tinkering with the methods he used to hack the Onity door locks utilized by hotels to secure millions of rooms.
Onity came up with a couple of solutions: a cap that would prevent access to the portable programmer and a firmware upgrade that would mitigate the attack. However, the decision to ask customers to pay for the second solution raised a lot of controversy, with many claiming that the company should pay for its own mistake.
Because of the controversial reactions, the firm even removed its initial statement and replaced it with phone numbers that customers can call in case they have any questions.
In the meantime, a few interesting developments occurred. A number of researchers began improving the method and some of them even came up with smaller devices that could open hotel doors, Forbes reports. Some of the new gadgets are so small that they could fit inside an iPhone case.
In order to demonstrate the risks posed by Brocious’ findings, a couple of experts made a short video showing that they could enter a hotel room in a matter of seconds without being spotted.
On the other hand, one of the individuals who created an improved device – calling himself Mr_Q – suggests that Brocious should perhaps have contacted Onity before making his findings public, since he has now given ideas to burglars.
Of course, the company is forced to take immediate action to prevent unfortunate incidents, but considering that millions of doors are involved, replacing the firmware, and even fitting the security cap, could take quite some time. This leaves a relatively large window of opportunity for criminals.
However, the fact that Onity doesn’t take full responsibility for its mistakes is another problem. Mr_Q has compared the decision to charge for the security upgrade to a scenario in which a car manufacturer forces its customers to pay for the replacement of a locking system that’s found to have design flaws.