An electronic hotel lock provider has issued a series of fixes to its technology after a cheeky developer used a major conference to demonstrate a hack to open doors.
Onity was forced to react after Mozilla software developer Cody Brocious used the Black Hat security conference to outline how he could open hotel doors a simple open-source device.
Brocious used a piece of technology costing around $50 which he adapted so that he could attach the device to the underside of an Onity hotel lock.
According to The Register, Brodious's device was only able to work because of two parallel issues with Onity locks: "The ability to read memory locations on vulnerable electro-mechanical locks and flawed cryptography in the key cards system itself."
After initially dismissing the hack as "unreliable", Onity has now issued details to potentially nervous hoteliers for how to prevent the hack from hitting their own properties.
The fix comes in two forms:
A "mechanical cap" which can be inserted in the programmable plug of the existing Onity locks, effectively blocking the physical access.
The second options is likely to anger hoteliers (who have found themselves at the mercy of recent developments, both security-wise and now financially) involves replacing the control mechanism and firmware for both the HT and Advance series locks that Onity produces.
The company says:
"For locks that have upgradable control boards, there may be a nominal fee. Shipping, handling and labor costs to install these boards will be the responsibility of the property owner."
Expect this to run and run.
NB:Electronic hotel door lock image via Shutterstock.