Tag Archives: Onity Locks

Hospitality Industry Security Risks: Hotel Electronic Door Locks In "Various Stages Of Being Repaired"; "Mechanical Caps And Security Screws" Provided To Block Hackers

In October, hotel insurance-related company Petra Risk Solutions issued its hotel clients an alert headlined, “Crime Alert – Onity Guestroom Door hackers are for real.”

Onity Electronic LockIn Florida, Petra loss prevention expert Todd Seiders said he received reports that a hacker had been seen carrying a laptop and using a key card – possibly connected to the laptop – to open locked guestroom doors.

The locks on more than 1 million guestroom doors are in various stages of being repaired, following the revelation this summer that they may be vulnerable to hackers.

The New York Marriott Marquis, the biggest hotel in Manhattan, for instance, just completed updating all of its nearly 2,000 door locks. The hotel is one of thousands of properties with guestroom locks manufactured by Onity, a division of United Technologies. An Onity website also shows Sheraton, Hyatt, Holiday Inn, Fairmont, Radisson and other well-known hotels from Paris to Perth as also having its locks updated.

The hacking tool, according to Petra’s alert, could be made for about $50 in easy-to-acquire electronic parts.

“Please train and notify your hotel staff that these burglaries are spreading across the country,” Petra’s alert cautioned hoteliers. “Hotel staff should be vigilant while they are on the guest floors and paying attention to guests walking through hallways…Take time to watch guests walking through your hallways to ensure they are going to a room and entering it. Be very suspicious of someone carrying a laptop or small bag wandering the hallways. Greet guests and ask them if they need assistance.”

Onity did not immediately return an e-mail seeking comment about the issue. But in a statement updated for December on its website, Onity says that as of Nov. 30, it has shipped hardware to fix 1.4 million hotel door locks. The hardware includes mechanical caps and security screws that “block physical access to the lock ports that hackers use to illegally break into hotel rooms.”

For more:  http://www.usatoday.com/story/hotelcheckin/2012/12/14/hotels-fixing-flaw-that-made-room-locks-vulnerable-to-hackers/1769081/

Comments Off on Hospitality Industry Security Risks: Hotel Electronic Door Locks In "Various Stages Of Being Repaired"; "Mechanical Caps And Security Screws" Provided To Block Hackers

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Security Risks: Recent Texas Hotel Room Robberies Linked To "Electronic Lock Hacking"; Thefts Involving Digital Devices Expected To "Explode Nationally"

“…the Houston Hyatt may not be the only site hit with the Onity hack. An alert published by the insurance firm Petra Risk Solutions in October claimed that “several” hotels in Texas have had their locks opened with Brocious’ technique. Todd Seiders, a former Marriott security director who now works as director of risk management at Petra, says he spoke with the general manager of one of those hotels, who knew of at least three Texas hotels affected in total…”

“…hotels with Onity locks need to either shell out for Onity’s circuit board fix or at least block access to their locks’ ports, says Todd Seiders of Petra Risk Solutions–he estimates that more than 80% of his customers have implemented a fix since August, but says that many more hotels around the world may not have been so careful…”

Whoever robbed Janet Wolf’s hotel room did his work discreetly. When Wolf returned to the Hyatt in Houston’s Galleria district last September and found her Toshiba laptop stolen, there was no sign of a forced door or a picked lock. Suspicions about the housekeeping staff were soon ruled out, too—-Wolf says the hotel management used a device to read the memory of the keycard lock and told her that none of the maids’ keys had been used while she was away.

Two days after the break-in, a letter from hotel management confirmed the answer: The room’s lock hadn’t been picked, and hadn’t been opened with any key. Instead, it had been hacked with a digital tool that effortlessly triggered its opening mechanism in seconds. The burglary, one of a string of similar thefts that hit the Hyatt in September, were real-world cases of a theoretical intrusion technique researchers had warned about months earlier—one that may still be effective on hundreds of thousands or millions of locks protecting hotel rooms around the world.

Last month Houston police arrested 27-year-old Matthew Allen Cook and charged him with theft in a September 7th break-in at the Hyatt House Galleria. Police also listed Cook as a suspect in the theft from Wolf’s room four days later and that of another guest at the hotel. Cook, who has a prior history of arrests for thefts and burglary, was identified when an HP laptop stolen from one of the hotel rooms was found in a local pawn shop, where staff helped police to identify him.

For more:  http://www.forbes.com/sites/andygreenberg/2012/11/26/security-flaw-in-common-keycard-locks-exploited-in-string-of-hotel-room-break-ins/?goback=.gde_76056_member_189780979

Comments Off on Hospitality Industry Security Risks: Recent Texas Hotel Room Robberies Linked To "Electronic Lock Hacking"; Thefts Involving Digital Devices Expected To "Explode Nationally"

Filed under Crime, Guest Issues, Insurance, Liability, Maintenance, Management And Ownership, Technology, Theft