In a statement sent to me, a White Lodging spokesperson says the company became aware of the vulnerability in its Onity locks in August, based on reading one of the stories I wrote about Brocious’s lock-hacking technique over the summer. But White Lodging says Onity only implemented a fix for that flaw in its locks after the September break-ins at the Houston Hyatt, around two months after I first alerted Onity to Brocious’s work.Security Flaw In Common Keycard Locks Exploited In String Of Hotel Room Break-Ins
Following those September incidents, White Lodging resorted to plugging the port at the bottom of its Onity locks with “epoxy putty,” according to the letter it sent to guests at its Houston location. The hotel company says it’s now working with Onity to put a more permanent solution in place, either plugging the locks’ ports or replacing their circuit board at every location it manages. “We sincerely regret that these thefts occurred, and hope that measures we have taken satisfy your concerns,” reads the letter to guests from White Lodging vice president Thomas Riegelman.
Welcome to ...
The place where the world comes together in honesty and mirth.
Windmills Tilted, Scared Cows Butchered, Lies Skewered on the Lance of Reality ... or something to that effect.
Windmills Tilted, Scared Cows Butchered, Lies Skewered on the Lance of Reality ... or something to that effect.
Wednesday, November 28, 2012
Hotel break-ins blamed on flaw in keycard system
Back in August, we blogged about a presentation at Black Hat, where a security researcher named Cody Brocious presented a paper
on a vulnerability in hotel-door locks made by Onity, showing a method
for opening many hotel-room locks with a simple, Arduino-based device.
Now comes the first reported case of a hotel-room break in using this
technology "in the wild." A Hyatt in Houston's Galleria district was
broken into using this method, according to the hotel, which had not
replaced its locks even though it knew about the vulnerability.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment