
Hackers have been able to take advantage of a security flaw present in millions of hotel door locks to effortlessly steal from guests.
Forbes first reported on the flaw in July, and in a follow-up story, the magazine now says the bug, present in locks made by a company called Onity, has been exploited in a string of recent hotel thefts at a Houston Hyatt.
The security flaw was first publicized at a hacker conference in July by software developer Cody Brocious, who showed how a simple electronic device could be used to unlock doors protected by locks in at least four million hotel rooms worldwide.
Brocious demonstrated how the locks could be compromised by inserting a digital probe into a small hole on the door lock mechanism, which lets an attacker uncover the lock's combination.
The BBC reports that, when the flaw was initially publicized, Onity said it was working with customers to remove or replace locks vulnerable to attack. Onity has not released any statement about the latest attacks, according to the BBC.
UberGizmo reports that Onity is making its customers -- hotels, generally -- pay for lock fixes.
Given that this is a problem on Onity’s end, one would have expected them to perform the replacements for free – after all, car manufacturers do not ask customers to pay for any fixes or replacement work that needs to be done in the event of a recall, right? Unfortunately that’s what Onity is doing ...
The Hyatt in Houston that has been a victim of these types of attacks said it has filled the tiny holes in the locks with thick glue, according to the BBC.