Hotel Lock Security Breach Affecting Four Million+ Rooms
The latest security threat is a device hidden inside a dry erase marker pen; News of hotel door locks being breached by hackers has gone viral and new reports reveal room break-ins and theft.
The major security breach impacting more than four million electronic door locks installed worldwide, disclosed by Forbes.com and presented at the BlackHat security conference in July, continues to alarm hoteliers worldwide seeking to address the issue. According to a recent Crime Alert,” actual guestroom burglaries and guest thefts” are now taking place.
To combat the issue, OpenWays, the world leader in mobile-based access management solutions, is offering an independently audited security “LOCKFIX” solution. Hotels vulnerable to potential security threats are invited to register to receive a copy of an updated White Paper to arm against such attacks with the power of smartphones. An educational video also is available.
As reported in the Crime Alert and a Forbes.com article titled: Hackers Crack Hotel Room Locks With a Tool Disguised As A Dry Erase Marker, the computer “hacking” community has further miniaturized their devices so that they can be concealed in both an iPhone case and a dry erase marker pen to open a specific brand of hotel guestroom door locks. Widespread publicity of the lock vulnerability has put the traveling public at huge risk to safety and theft, and as a result, multiple rooms have been hit at several hotels.” Now reports are discussing the viability of hackers downsizing the device to the size of a pen.
“Time is of essence to recover security,” said OpenWays Founder and CEO Pascal Metivier. “The plan proposed by the lock manufacturer in question requires expensive and complicated hardware changes and more importantly, its effectiveness to recover security was already severely challenged by the hacker and the security expert community.
“Equally concerning, no independent security audit and testing were yet published by the lock manufacturer resulting in raising a lot doubts,” he said.
An effective and fully audited solution is finally made available to hoteliers worldwide to promptly bring a secure solution to hoteliers, OpenWays was able to leverage its Mobile Key platform and make adaptations to address the risks related to the incriminated lock communication port breach.
“LOCKFIX has been audited by independent and reputable security firms, and the results confirm the effectiveness of the solution,” Metivier added. “The independent audit results also demonstrate that with LOCKFIX, other major non-published security threats(*) are also addressed.”
With a collective team representing more than 100 years in electronic locking and security systems expertise for hotels and other facilities, OpenWays offers innovative and state of the art mobile-device based access management solutions allowing guests to bypass the front desk, proceed directly to their room and securely open their lock with their cell phone. OpenWays already offers upgrade kits compatible with the major electronic lock brands including the locks in question.
“As hotel security experts, the OpenWays team felt obligated to aid in rectifying this serious security issue which can potentially be damaging to both hotel owners and travelers,” Metivier said.
“Therefore, we have added LOCKFIX to our Mobile Key front-desk bypass solution available in a freeware mode (free of any license fees).”
Background of the Breach
The initial security breach was publicized on Forbes.com in late July in an article titled: “Hacker Will Expose Potential Security Flaw In Four Million Hotel Room Keycard Locks.” At the Black Hat security conference in Las Vegas, Cody Brocious, a hacker and software developer for Mozilla, demonstrated the security breach, and the necessary technical information and code was presented on his web site. Since then, other hackers have been able to replicate and even improve the device with hardware available readily for less than $50 in just a few hours.
In an August article on Forbes.com titled “Hotel Lock Firm’s Security Fix Requires Hardware Changes For Millions Of Keycard Locks” writer Andy Greenberg noted that the lock manufacturer’s proposals and systems were not submitted for a thorough security audit to an independent, reputable security audit expert. Today, news of the OpenWays LOCKFIX is spreading: “OpenWays Finds Solution to Cody Brocious’s Infamous Hotel Lock Hack.”