A string of break-ins and thefts at Texas hotels using vulnerable Onity keycard locks has left security firms concerned that the issue "will only get bigger." The technique was first unveiled by programmer Cody Brocious at Black Hat in July, and involves hacking the card reader system using less than $50 in equipment that can easily be concealed in an iPhone case or dry erase marker.
Janet Wolf's laptop was stolen from her locked room in the Houston Hyatt in September, Forbes reports. While police won't release information on how the room was broken into, Hyatt franchisee White Lodging believes the room was accessed using Brocious' hack. Insurance company Petra Risk Solutions also released an alert in mid-October stating that "multiple rooms at several hotels" had been broken into, potentially using this technique, and that similar incidents had occurred in Florida.
Onity released a statement on August 13th saying that it would provide hotels with a way to plug the port hackers use to access the lock, and switch to less common Torx screws to make the lock harder to open. Onity also offers a control board replacement to counter the vulnerability, but requires hotels to pay for shipping, handling, and installation. Petra Risk Solutions' Todd Seiders told Forbes that over 80 percent of the company's customers have implemented some form of fix, but due to ignorance or financial concerns, there are likely many hotels that remain open to this line of attack.