Breaking Analysis: Keycard Hacking – How Safe is Your Hotel Room?

Back in September, a series of burglaries at a Hyatt hotel in Houston had hotel management baffled. Now they believe that the rooms were opened using a device that takes advantage of a security vulnerability in keycard locks built by the lock company Onity, and is specifically a model of lock that appears in at least four million hotel rooms worldwide.

That security flaw was first publicly demonstrated by Cody Brocious, a 24-year-old software developer for Mozilla, at the Black Hat hacker conference in July of this year. SiliconANGLE Contributing Editor John Casaretto explained, “It all starts with access through a physical port.” He went on to say that through a series of low tech and low cost technologies that has since been refined, the hackers are able to replicate a weakness that’s used for making the master keys and for opening locks whose batteries have died.

Casaretto discussed the solution options Onity has given the hotels, but the seemingly most satisfactory solution would cost them a pretty penny. Andy Greenberg, who reported on this for Forbes, said that Onity was asking the hotels to cover the cost of replacing the circuit boards in the locks. Blocking the locks’ ports is the only free option they offered to provide.

Casaretto said that unfortunately, there’s not much that hotel guests can do to circumvent their locks from being hacked. He advised viewers to check with the hotel and ask them to at least block the port on the lock if it’s an Onity lock.

Another Facebook policy change sparked a flurry of status update re-postings. While there was an actual data policy update, the mock status proclaimed the user’s personal copyright is attached to all of their Facebook content, and that the user’s written consent is needed at all times for commercial use. Casaretto reminded viewers that when they signed up for Facebook, they agreed that Facebook could use their data however they wished, but you still own your pictures and other content. The actual policy update included revoking users’ abilities to vote on Facebook changes.  See the entire segment with Kristin Feledy and John Casaretto on the Morning NewsDesk Show.