Most of the high-end hotels around the world rely on keycard locks for the security of hotel rooms. However, these locks may not be so secure after all as a fresh string of thefts that have been perpetuated by ‘hacking’ these locks has demonstrated.
The thefts reportedly occurred at Hyatt in Houston. Guests staying at the hotel reported that their laptops were missing from the room. The hotel management checked up the memory of the keycards and affirmed that none of the housekeeping staff accessed the rooms in the absence of the guests.
Naturally, the episode was baffling as someone certainly stole the laptops by entering the rooms, yet the hotel management couldn’t discern how it was possible. However, soon it transpired that the theft had been carried out by exploiting a simple security flaw in the keycard locks.
The hotel locks in this particular case were Onity-manufactured which, it was eventually found out, contained a critical security vulnerability. Apparently, you simply needed to create a special device which can be plugged into the port at the bottom of a Onity lock. The device can then read the digital key off the lock’s chip and this key can be used to open the lock instantly.
The vulnerability is no secret and it has been demonstrated at a number of hacker events in the past. However, Onity doesn’t seem to be bothering too much about it. Currently, the company’s locks are installed on nearly four million hotel rooms around the globe.
Yet, it hasn’t started fixing this vulnerability in the locks. Rather, the company has proposed that it can block the bottom of these locks with a plastic plug to mitigate the risk. However, if customers want a permanent solution, Onity is of the view that they should bear the expenses of the upgrade.
Customers seem to side with Onity on this one. Janet Wolf, who was one of the victims of thefts at Hyatt, says that the onus for security lies entirely on the hotel management and not on the company providing locks. And that the hotel should make sure there are no security loopholes.