Onity Announces “Fix” For Vulnerable Hotel Key Card Locks, But Won’t Tell Anyone What It Is…

Earlier this week SiliconANGLE revealed how thieves were exploiting a vulnerability in Onity hotel door locks, allowing them to enter guests’ rooms and help themselves to their valuables at will.

Now, after earlier signs that the company would only help its customers if they were prepared to foot the bill for it, Onity seems to have been shamed into doing an about turn, saying that it’s now offering a permanent fix to the problem free of charge. The only downside is, the company refuses to reveal what the supposed ‘fix’ entails.

The problem came first came to light earlier this summer, when hacker/security researcher Cody Brocious revealed how easy it was to pick the omni locks, simply by inserting a digital tool into a power port, which can then read the combination and allow anyone to enter the room.

Initially, Onity were rather complacent about the matter, alluding that it wasn’t nearly as easy as Brocious made out, and insisting that in most cases the trick doesn’t work. Even so, the company issued what can be best described as a temporary fix, telling hotels to ‘plug’ the power port with superglue – rather lame advice that was later removed from its website.

Onity could be forgiven for thinking that it would get off lightly, but then came a spate of thefts from hotels across Texas that all use Onity locks. Police believe that the thief gained access to the rooms using the same technique outlined by Brocious.

Faced with what is undoubtedly one of 2012’s worst public relations disasters, Onity has suddenly announced a permanent fix, reports the BBC:

“Immediately following the hacker’s public presentation of illegal methods of breaking into hotel rooms, Onity engineers quickly developed both mechanical and technical solutions to address the issue.”

“These solutions have been tested and validated by two independent security firms, and are available to customers worldwide. All requests for these solutions have already been fulfilled, or are in the process of being fulfilled.”

Any hoteliers interested in learning about Onity’s permanent fix are invited to call its helpline, which is manned by specialists that can “immediately help to implement the best possible solution for that customer”.

All very well and good, but the problem remains that Onity has given no details of what these new ‘solutions’ might be, meaning that confidence in the company’s locks is unlikely to improve for the time being.

According to security consultant Alan Woodward, gluing the locks shut remains the most popular remedy – but even this method isn’t secure, as the glue can be scraped or picked out with a penknife or similar implement.

“With so many locks installed, it has a big problem on its hands,” added Woodward.

About Mike Wheatley

Mike loves to talk about Big Data, the Internet of Things, Hacktivists and hacking, but he also hates Google and can never resist having a quick dig at them should the opportunity arise :) Got a REAL news story or tip? Email Mike@SiliconANGLE.com.