November 28, 2012
Developer Reveals Security Flaw For Texas Hotel Chain: Doors Can Be Hacked
Michael Harper for redOrbit.com — Your Universe Online
A 24-year-old developer for Mozilla software named Cody Brocious took the stage during July’s Black Hat security conference in Vegas and explained how easy it was to break into some hotel doors. As often happens with these things, Brocious’ hack was placed online, where it was later tested and subsequently improved by other hackers.
This week, Forbes is calling attention to this hack once more, telling the story of a woman who had her laptop stolen from a Houston, TX Hyatt in September. Houston police arrested a 27-year-old man and charged him with the theft. The police also named the man as a suspect in another theft from the same hotel just four days prior. While the Houston Police did not say how they believed this man was able to break into the room, White Lodging, the franchisee of the Houston Hyatt, believes the man used Brocious’ hack.
Onity door locks are said to be used in over 4 million hotel rooms across the world and bear a small DC power port on the bottom of the lock. Using only $50 worth of supplies, Brocious was able to reverse-engineer the door and create a device which quickly reads the lock’s data and can open the door.
“I plug it in, power it up, and the lock opens,” said Brocious in a July interview with Andy Greenberg of Forbes. “With how stupidly simple this is, it wouldn’t surprise me if a thousand other people have found this same vulnerability and sold it to other governments. An intern at the NSA could find this in five minutes.”
Greenberg took Brocious to some independent and franchise hotels in New York to try out the device in July. While the cheap device worked every time with the door lock Brocious had purchased directly from Onity, it only worked a third of the time on the New York hotel doors.
Since then, others have set about improving the method by which these doors are unlocked. The device itself has also been improved, with some hackers hiding it in iPhone cases and even dry erase markers, items that are much less conspicuous than Brocious’ first proof-of-concept device.
As an immediate solution to these hotel hacking thefts, White Lodging has begun to simply plug up the DC power port on the Onity locks with “epoxy putty.” While this may deter a criminal in a hurry, a more long-term solution is needed.
Onity has acknowledged Brocious’ hack and offered two types of fixes to their door. One is similar to White Lodging’s approach: Cover up the plug and replace the installation screws with a less-common Torx screw to deter any would-be thieves.
The second solution requires replacing the hardware on every door lock. Onity developed a new circuit board and firmware for these doors in August, but asked the owners of some of these models to pay a small fee for the fix. For the others, Onity offered “Special pricing programs” to cover the cost of the replacements. Every customer, however, has been asked to pay for shipping and labor costs associated with swapping out the circuitry on each and every door lock.
“Given that it won’t be a low cost endeavor, it’s not hard to imagine that many hotels will choose not to properly fix the issues, leaving customers in danger,” said Brocious in a blog post in August.
“If such a significant issue were to exist in a car, customers would likely expect a complete recall at the expense of the manufacturer… I can’t help but feel that Onity has the same responsibility to their customers, and to customers staying in hotels protected by Onity locks,” added Brocious.
Similar break-ins have been occurring in other hotels in Texas and Florida, and until the hotels and Onity find a better solution, it’s likely these kinds of break-ins will continue to occur, and with more frequency.