Hotel Burglars Exploit Key Card Locks, But Who’s Gonna Pay To Fix Them?


Dozens of guests at luxury hotels in the US have fallen victim to burglaries in recent months, with the thieves suspected of gaining access to their rooms by exploiting a recently exposed security flaw in the electronic locks commonly used in such hotels.

A report in Forbes described how numerous hotel guests in Texas have fallen victim to theft, but in each case there has been no sign of forced entry, leading detectives to suspect that a bug in the door locks could be responsible.

One of the hotels in question, the Hyatt in Houston, has confirmed that the rooms were definitely not broken into, and nor were the locks picked. In addition, its records indicate that no members of staff opened the doors with another key. For this reason, investigators believe that the only explanation is a security flaw that was exposed by a software developer last summer.

Before the thefts took place, the flaw had been described as a “theoretical intrusion” by 24-year old Cody Brocious. During a presentation at the Black Hat hacker conference last July, Brocious explained how he had managed to reverse engineer hotel door locks manufactured by a company called Onity.

According to Forbes:

“Brocious showed it was possible to insert the plug of a small device he built with less than $50 in parts into the port at the bottom of any Onity keycard lock, read the digital key that provides access to the opening mechanism of the lock, and open it instantaneously.”

If thieves really are using the exploit to gain access to hotel rooms, it could present a huge problem for hotels across the globe. Onity locks are used by dozens of leading hotel brands around the world, not to mention thousands of smaller, independent hotels. If no fix can be found, the locks would likely have to be replaced at an enormous cost.

For its part, Onity is working alongside its customers to help them repair the keycard locks, but the company is apparently insisting that hotels stump up the costs of doing so.

Somewhat predictably, many hotels are unwilling to cough up the money to replace all of those locks, with many instead resorting to a temporary fix that involves plugging up the port in each door to prevent a digital tool being used to hack it.

The real loser in all of this may well be the hotel guests themselves, something that Brocious himself warned about upon learning Onity’s response:

“Given that it won’t be a low cost endeavour, it’s not hard to imagine that many hotels will choose not to properly fix the issues, leaving customers in danger. If such a significant issue were to exist in a car, customers would likely expect a complete recall at the expense of the manufacturer. I can’t help but feel that Onity has the same responsibility to their customers, and to customers staying in hotels protected by Onity locks.”


“With how stupidly simple this is, it wouldn’t surprise me if a thousand other people have found this same vulnerability and sold it to other governments. An intern at the NSA could find this in five minutes.”