Earlier this year, a team of researchers announced that it was possible to hack the keycard systems used in millions of hotel rooms using $US50 worth of parts. Now a recent spate of hotel break-ins is being attributed to the attack.
Forbes reports that a string of hotel room thefts in Houston have been pinned on 27-year-old Matthew Allen Cook. While the police remain silent on how the rooms were accessed, White Lodgings, a Hyatt franchisee that runs the hotel in question, claims that Cook hacked the establishment’s keycard system. The hack was first revealed back in September. At the time we explained:
Cody Brocious, a Mozilla developer, discovered that he could insert open source hardware into a port on the underside of hotel room locks and “read their memory to find a decryption key, and use it to gain access to the lock’s firmware and trigger its open command in a matter of seconds.” The locks he accessed were made by Onity, a company who supplies five million hotel rooms with their keycard locks.
Forbes goes on to report that White Lodgings was aware of the problem with its Onity locks as early as August this year. So, it probably did something to safeguard itself, right? Umm, kinda: Forbes reports that “White Lodging resorted to plugging the port at the bottom of its Onity locks with ‘epoxy putty’”. An effective security strategy if ever there was one.
Now that thefts have occurred though, White Lodgings… still hasn’t done anything. Nor does it look set to, because in a rather schoolyard turn of events, Onity is insisting that hotels cover the cost of the hardware replacements. Essentially, nobody wants to fork out for a major security screw-up. Meanwhile, of course, millions of hotel rooms around the world are at risk of the hack. [Forbes]