Hotel door lock company Onity has released fixes to security holes found in it keycard locks.
It was reported that the fixes were released after Mozilla software developer turned security researcher Cody Brocious used a small device costing about $50 to bypass the locks by extracting a decryption key. This key was then used with a command to open the door. The vulnerabilities were demonstrated at a recent security convention.
The issue uses two weaknesses, the ability to read memory locations in the locks and flawed crypography in the key card system. Onity initially dismissed the attack due to the complexity of the attack however they have offered some fixes which include a physical plug to block access to the portable programmer port.
Onity’s keycard locks secure access to an estimated four million hotel rooms worldwide.
Tiro Security is a company dedicated to resourcing IT Security Jobs fulfilling both companies staffing needs and individuals career goals.