After Hacker Exposes Hotel Lock Insecurity, Lock Firm Asks Hotels To Pay For Fix – Slashdot

“In an update to an earlier story on Slashdot, hotel lock company Onity is now offering a hardware fix for the millions of hotel keycard locks that hacker Cody Brocious demonstrated at Black Hat were vulnerable to being opened by a sub-$50 Arduino device. Unfortunately, Onity wants the hotels who already bought the company's insecure product to pay for the fix. Onity is actually offering two different mitigations: The first is a plug that blocks the port that Brocious used to gain access to the lock's data, as well as more-obscure Torx screws to prevent intruders from opening the lock's case and removing the plug. That band-aid style fix is free. A second, more rigorous fix requires changing the locks' circuit boards manually. In that case, Onity is offering special pricing programs for the new circuit boards customers need to secure their doors, and requiring them to also pay the shipping and labor costs.”

via After Hacker Exposes Hotel Lock Insecurity, Lock Firm Asks Hotels To Pay For Fix – Slashdot.


5 thoughts on “After Hacker Exposes Hotel Lock Insecurity, Lock Firm Asks Hotels To Pay For Fix – Slashdot”

  1. I feel like what Onity is doing is the right thing. No lock is impenetrable and this one is no different. By providing a free solution that would fix the vulnerability that the hacker used, and reduced pricing on full replacements, I believe Onity resolved this in a successful manner.

  2. Personally I saw this news story when it surfaced a while ago. The guy demonstrated how this tool could be plugged into the door lock and unlock the door with no problems. After that it was pretty much a free-for-all to the owner's items in their room. The positive thing about this story being aired is that it created a problem that needed to be fixed. But the other issue is that the fix that each company should have the Onity company wants to charge the hotels for shipping, labor and the parts? I feel like this is wrong. Onity should have to pay out of pocket to fix these problems as it isn’t the hotel's item. Actually Onity should consider itself lucky that the hotels kept business with them after this major flaw, which could have cost the hotels guests. If I was in charge of a hotel I would see what other opportunities existed in locks for the hotel doors. I would try everything to not continue business with a company that wanted to charge me to fix their own problem. This to me just raises a red flag about a company and how it operates.

  3. Depending on how long the lock is guaranteed to be secure I would find it hard for the hotels to expect this fix to be free. Security is something that we shouldn’t take lightly, but with any technology there will always be some security hole found or someone hacking the system.

  4. I do not have a problem with Onity running their business this way. All locks are capable of being broken and it was only a matter of time for this. Perhaps the Hotel needs to refresh its locks and move to a more modern time with them. Onity needs to make a profit in selling and installing these for the Hotel. However, I do see how some people may see this as a poor courteous decision.

  5. On one side it seems that Onity should stand behind their products and not release a security product that is not secure. They provide security for hotels that have hundreds of clients through a month and putting all of their guests at a security risk is something a hotel cannot afford to do. It’s good that they are offering solutions, but as the person buying the locks from Onity at the hotels, I would be very upset that I spent all this money on a product that is possibly inferior to other locks I could have chosen, or that the quality of the product might not have been that great in the first place.
