Posted on Wednesday, November 28 2012 @ 14:01 CET by Thomas De MaesschalckThe base of every Onity lack has a small barrel-type DC power socket that can be used to charge up the lock's battery and to program the lock with a 32-bit key that identified the hotel. To his surprise, Brocious discovered that he could simply read this 32-bit key out of the lock's memory by plugging an Arduino microcontroller into the DC socket. By playing the 32-bit code back to the lock, it opens, and unfortunately there's no way to solve this critical security hole other than to replace every single vulnerable lock.
Onity isn't willing to pay for the fix itself, and other than installing a new circuit board in every lock the only other option is to change out the standard screws for more obscure specialty screws. ExtremeTech writes today that the exploit is now being used by Texas thieves, and possibly at other locations as well.
Forbes has a sobering article about how a man named Matthew Allen Cook is being charged in relation to a hotel room break-in and theft. Here’s the money quote from the article: “… White Lodging, the Hyatt franchisee that manages the Houston hotel, believes that the rooms were opened using a device that takes advantage of a glaring security vulnerability in keycard locks built by the lock company Onity, specifically a model of lock that appears in at least four million hotel rooms worldwide.” This hack was out in the wild for months, and Onity didn’t act upon this information until after they were made aware of this event that happened in September.
