Following a string of hotel room burglaries preying on vulnerable locks made by Onity, the company has finally agreed to replace some of the systems at its own expense. According to Forbes, Onity is currently working with the Marriott, InterContinental Hotel Group, and the Hyatt to replace the insecure locks in their hotels, and will cover some, if not all, of the cost. A timeline for replacement is not clear, but an unnamed hotel industry source told Forbes that the company is trying to address "the security issues as quickly as they can."
Onity will cover some, but not all, of the cost
The vulnerability was first disclosed at the Black Hat conference in July by Mozilla developer Cody Brocious, and involves hooking into a data port on the underside of the lock and using a device to hack the firmware, thus opening the door. In August, Onity stated that it would not pay to replace the locks, and instead offered a free plug to block the port.
Petra Risk Solutions' director of risk management Todd Seiders told Forbes that certain language in the lock replacement contracts could free Onity of liability for future hacks, suggesting an "ulterior motive" for the fix. We'll have to wait and see, but hopefully Onity's new locks prove more secure.