With less than $50 worth of parts and only a few seconds, millions of hotel room keycard locks around the world can be hacked and unlocked by robbers-cum-hackers trying to break into your room. The good news? The security flaw can be fixed. The bad news? No one wants to pay to fix them.
Here's how the hack/break-in of these hotel doors work. Cody Brocious, a Mozilla developer, discovered that he could insert open source hardware into a port on the underside of hotel room locks and "read their memory to find a decryption key, and use it to gain access to the lock's firmware and trigger its open command in a matter of seconds." The locks he accessed were made by Onity, a company who supplies five million hotel rooms with their keycard locks.
What is Onity doing to fix this glaring problem? Well, as a band-aid solution, Onity will give hotels a cap to cover the data port that Brocious's hack needed to plug into and Torx screws to replace the regular screws on the keycard locks. Like a flimsy plastic cap could really stop someone from breaking into their room. That's not good enough.
The crazy thing is Onity could fix every single hotel room lock by swapping out the circuit board and firmware inside the lock. This would kill Brocious's hack and keep people safe. The problem? Onity is asking the hotels to pay up for their screw up. According to Forbes:
Onity is asking owners of some models of its locks of some to pay a "nominal fee" for the fix, while offering others "special pricing programs" to cover the cost of replacing components. It's also asking its customers to cover the shipping and labor costs of making hardware changes to the millions of locks worldwide.
What a business model. Sell a flawed product that exposes your customers and then demand more money from your customers to pay for your flawed product. As you can imagine, no one really wants to fork over the cash to fix someone else's problem. [Forbes]