Hotel Lock Hacker Leads Manufacturer to Release Fixes
In response to a Black Hat security conference demonstration in July, electronic lock maker Onity is rolling out fixes to problems that were easily exploited by a 24-year-old security researcher.
With less than $50 worth of equipment, Cody Brocious used an open-source device to connect to a DC port on the bottom of a hotel room keycard lock; once power was applied through the port, the lock opened.
Although Onity scoffed and called the trick "unreliable and complex to implement," it was a big enough security issue to prompt the company, which has locks on over 4 million hotel room doors, to make some fixes.
The company's approach to combating the hack is two-tiered: Onity will provide physical plugs and Torx screws to block the port and make the casing that houses the HT series lock's guts more difficult to open.
In a statement, Onity said it will provide its customers with those components for free, but the cost of an important firmware update, for both HT series and ADVANCE series locks, will have to be shouldered by the hotels themselves.
The update for HT24 series locks is available now, and the ADVANCE series update will be available at the end of August.
On his blog, Brocious took issue with what Onity called its "firmware update" and explained that the fix will actually require swapping out the entire circuit board. That's more like a hardware update.
The hack, as exploited by Brocious, involves a portable programmer not unlike the ones used to program guest keys and master keycards.
Brocious explained to Forbes that the lock's memory becomes readable to the device that's plugged into it. From there, he said he was able to trip the lock's "open" mechanism by accessing the cryptographic key — identical to the key on a corresponding keycard's magnetic strip — stored inside the lock's brain.
While there's still no telling how expensive this solution will be for Onity or its customers, some are upset that Onity is making hotels share the expense at all.
Brocious told The Register that this may lead some hotels to forgo the fix, leaving their guests vulnerable to a technically savvy intruder.
If such a case were to happen to a car, Brocious said, "customers would likely expect a complete recall at the expense of the manufacturer."
Brocious, who praised Onity's decision to confront these issues head-on, said he still thinks the lock manufacturer has the responsibility of bearing the financial cost for its customers and for the hotel guests who trust their locks.