After the news made headlines all around the world and after several burglaries, Onity – the company responsible for providing door locks for millions of hotel rooms – has finally agreed to support the costs (at least most of them) of changing the vulnerable locks.Back in July, Cody Brocious demonstrated at the Black Hat security conference in Las Vegas that some Onity door locks could be easily tampered with. Soon after, others perfected his methods and some have even put them to good use to break into hotel rooms.
Now, according to internal memos obtained by Forbes’ Andy Greenberg, Onity has come to an agreement with several major franchises, including Hyatt, Marriott and InterContinental.
Onity will provide mechanical caps to secure the vulnerable locks’ programmable ports at no cost to hotels all around the world, as long as the hotel agrees to cover the costs of their installation.
For US hotels that want even better security, Onity will provide them with upgraded boards. The hotels will have to pay $11 (8.5 EUR) for the boards, but they’ll be refunded once they hand over the old ones.
For some, Onity has agreed to handle the expenses of the firmware upgrade, while others will have to support the installation costs themselves.
On the other hand, hotels from outside the US, or ones that purchased their locks before 2005, will have to pay a total of $21 (16 EUR) – the cost of the new boards plus installation – if they want to replace the old vulnerable hardware. If not, they can settle for the free protection caps.
These terms are included in the agreement made by Onity with Marriot, but according to sources in the hotel industry – cited by Forbes – the company has generally agreed to cover the costs of the fix.
However, there’s one noteworthy thing in the agreement: “Onity’s proposal for franchisees is conditioned on the franchisee’s acknowledgement that Onity does not guarantee a lock’s invulnerability to hacking.”