Feeds

Hotel blames burglaries on hacked Onity card locks

Black Hat demo exploited in the wild

Protecting against web application threats using SSL

Updated A Texas hotel is claiming to have suffered multiple burglaries stemming from flaws in a common type of electronic lock, exploits for which were demonstrated at this year's Black Hat hacking conference.

In July, security researcher Cody Brocious showed how a device cobbled together from $50 worth of parts could be used to break into locks manufactured by Onity, which supplies some of the largest hotel chains in the world. The device plugs into the data port on the locks and opens them by defeating poor crypto in the locking system.

Now the Hyatt hotel in Houston's Galleria complex has told Forbes that its guests suffered a string of break-ins in September, and that it had identified the hacking of its Onity locks as the method used. 27-year-old Matthew Allen Cook has been arrested for the break-ins and is helping the police with their inquiries.

"We will vigorously defend these charges, and all the facts will be available after the trial," Cook's lawyer said.

The hotel owners say they became aware of the issue with Onity locks in August and were working with the company on a fix when the thefts took place. At the time of the Black Hat presentation, Onity called the hack "unreliable, and complex to implement," but it appears not too complex for others to imitate.

So far Onity has offered two workarounds – covering up the data port with screws that are difficult to remove, or replacing the entire circuit board of the lock, which the manufacturer wants hotels to pay for themselves.

The hotel said it had been taking steps to mitigate the flaw but the robberies occurred before this had been done. It was eventually reduced to posting a physical guard in reception to try and deter thefts, in addition to gumming up the data port of the locks with epoxy glue.

Insurance firm Petra Risk Solutions issued an alert to its customers on the Onity locks last month, but said that around a fifth of its customers have yet to deal with the issue. Todd Seiders, director of risk management at Petra, said the company was already aware of other cases of theft using the hack.

"We're expecting incidents in which these devices are used to explode nationally," he said. "As crooks find success with it, they’re going to go back to the Internet and say 'hey, it works. I was able to break into ten rooms.' And then others build it and try it. We're going to get hit hard over the next year." ®

Update

"Onity places the highest priority on the safety and security provided by its products. Immediately following the hacker’s public presentation of illegal methods of breaking into hotel rooms, Onity engineers quickly developed both mechanical and technical solutions to address the issue," the company said in an emailed statement.

"These solutions have been tested and validated by two independent security firms, and are available to customers worldwide. All requests for these solutions have already been fulfilled, or are in the process of being fulfilled."

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.