Lock Hacker Carries Out Texas Crime Spree

A string of hotel room thefts in Texas has brought into question the security of an estimated 10 million electronic door locks commonly used worldwide in hotels and other facilities.

Back in July, a security researcher demonstrated a problem with a system known as Onity HT locks. He said the technology is used in one-third of hotels worldwide and covers more than half of all locks now in use.

The researcher, Cody Brocious, says the main flaw in the system is the equipment used for two specific purposes: opening a door when the battery in the lock has failed and creating a master key card for hotel staff members. (Source: demoseen.com)

Device Access Lock Code

Using a specially-crafted device that slots into the lock, Brocious says he is able to access the coding in the lock and then immediately feed that back into the lock as if he had inserted a master key card.

The result: he can instantly unlock any of these doors.

Another security researcher has now adapted the unlocking device so that it looks like your average magic marker pen.

When Brocious first discussed his findings earlier this year, he expressed concern about publicizing the security flaw. He was also worried about the cost of upgrading locks around the world to defeat his unlocking device.

However, it now appears that such upgrades will have to be made, although it's likely to be extremely costly.

Lock Manufacturer May Have Been Over Confident

Onity, which manufactures the electronic locks Brocious can so easily open, said that the methods Brocious described were "unreliable and complex to implement." However, the firm has reportedly initiated an effort to upgrade its locks' software.

According to reports, upgrading the software has been a long and difficult process. In some cases, a less technical solution has worked, such as physically blocking access to the lock's inner core.

There has also been some dispute about whether the lock owners or Onity should pay for any needed upgrades.

The issue has come to a boil with the arrest of a man suspected of several room thefts in Houston, where a hotel manager says there was no sign of forced entry or tampering with the locks. He strongly believes the tactic made public by Brocious is involved in the heists. (Source: forbes.com)