At the recent Black Hat conference, Cody Brocious, a developer for Mozilla, showed that hotels using door locks manufactured by Onity have a serious vulnerability that could be exploited by malicious individuals who have as little as $50 in their pocket. By inserting a homemade device into the keyless locks, a person can read the system’s memory, find a decryption key and unlock the door, according to a report by Forbes.
Upon further investigation, Onity confirmed that the process was complex and not always accurate. Several weeks after the disclosure, however, multiple hackers told Brocious they had enhanced his design to make it work on virtually every Onity lock, Forbes reported.
Onity has since come up with two solutions to the problem. First, it can issue a hardware cap with more complicated screws to eliminate a hacker’s ability to plug into a data port needed to exploit the system. The other solution is to replace all the circuit boards and firmware in the vulnerable lock systems, which will completely mitigate the newly exposed risk, Forbes said.
While the second resolution is clearly the more effective method, there is an inherent flaw: Onity is asking its customers to pay for it. This will be problematic for many small hotels that won’t have the millions of dollars required to make the fix, leaving guests vulnerable to theft or worse.
“If such a significant issue were to exist in a car, customers would likely expect a complete recall at the expense of the manufacturer,” Brocious said, according to Forbes. “I can’t help but feel that Onity has the same responsibility to their customers and to customers staying in hotels protected by Onity locks.”
Hotels looking to implement robust locks to ensure the safety of their guests may consider even more complicated access control systems that cannot be exploited as easily. Biometric systems, for example, which grant entry only to people with the correct biological or behavioral characteristics, are becoming more popular because of their ability to keep unauthorized individuals out of restricted areas.
A report by BCC Research noted that the global market for various biometric technologies, including fingerprint and iris scans, is forecast to expand at a compound annual growth rate of nearly 19 percent through 2015, at which point it will generate approximately $12 billion in revenue.
Hotel decision-makers need to ensure they choose only the most secure locks, as failing to do so will leave their customers vulnerable to harm.