Cody Brocious, a hacker, announced at Black Hat a simple DIY Arduino solution to gain instant, untraceable access to millions of Onity HT card-key protected hotel and college dorm rooms. Zero authentication required, even master card-keys for anonymous entry can be retrieved from the hack.
So, how’s Onity (which is part of UTC Fire and Security) performing against this bad news? Surely there’s going to be some blowback from the hotels to replace many of those vulnerable locks? Might it be an opportunity sell short? Here’s a snapshot of the week in which the vulnerability was made public on 7/24/2012 …
Here’s how the stock is performing this past week …
“Since 1984, Onity has set the standard for locking doors electronically with installations of more than 3.7 million electronic locks throughout the world. As a leading global provider of electronic locking systems, Onity offers innovative technological solutions and services for the Hospitality, Corporate, Education, Government and Marine markets. The company’s ever-expanding family of facility management solutions includes electronic locks, in-room safes, and Senercomm® energy-management systems. Headquartered in Duluth, Georgia, Onity has R&D and manufacturing operations in Spain, Mexico, China, and the U.S., as well as an extensive sales and service network that spans more than 115 countries around the globe”
Links: The hacker’s blog I, Hacker, his paper and slides | Extreme Tech’s Black Hat hacker gains access to 4 million hotel rooms with Arduino microcontroller | Forbes’ Hacker Will Expose Potential Security Flaw In Four Million Hotel Room Keycard Locks
For those lacking in programming finesse, there’s always this heavy handed method: Knock the handle off, then hook and turn the bolt! Not what you want protecting your dorm or holiday home, eh?
Links of similar interest: Don’t Trust Your Hotel Room Safe and Gone in 60 seconds… Hotel Safe cracked with a paperclip | Onity Statement of the breach | Forbes article Hotel Lock Firm’s Security Fix Requires Hardware Changes For Millions Of Keycard Locks