This hardware hack is quite significant because of the sheer number of Onity locks in use, over 4 million according to Onity's own statistics. The hackers "exploited the port on the bottom of the lock intended for a device that hotels can use to set master keys." From this they were able to read the locks memory, ultimately giving them access to the locking mechanism. The entire build cost about $30 and took eight hours to assemble. That is really cheap considering it gets you worldwide access to some of the finest hotel rooms. Other hackers have created similar versions, concealing the hardware into an aluminum wallet and an iPhone case.
You would think that as soon as Onity heard of this issue with their locks, they would be quick to remedy the situation. However, the solutions they presented were replacing or upgrading the locks at the hotels cost, or installing a small plug which would block the locks data port. The first solution would be cost prohibitive, meaning hotels would not be likely to repair the locks. This would leave hotel guests in danger. The second fix could probably be circumvented by a pick or screwdriver, and even if it cannot be dislodged, "the plugs would prevent the use of the hotels’ lock programming devices." Either way Onity has acted irresponsibly and needs to find an economical way to make their product more secure.
No comments:
Post a Comment