
After Hacker Exposes Hotel Lock Insecurity, Lock Firm Asks Hotels To Pay For Fix

Posted by Soulskill
from the we-are-so-sorry-give-us-money dept.
Sparrowvsrevolution writes "In an update to an earlier story on Slashdot, hotel lock company Onity is now offering a hardware fix for the millions of hotel keycard locks that hacker Cody Brocious demonstrated at Black Hat were vulnerable to being opened by a sub-$50 Arduino device. Unfortunately, Onity wants the hotels who already bought the company's insecure product to pay for the fix. Onity is actually offering two different mitigations: The first is a plug that blocks the port that Brocious used to gain access to the locks' data, as well as more-obscure Torx screws to prevent intruders from opening the lock's case and removing the plug. That band-aid style fix is free. A second, more rigorous fix requires changing the locks' circuit boards manually. In that case, Onity is offering 'special pricing programs' for the new circuit boards customers need to secure their doors, and requiring them to also pay the shipping and labor costs."
This discussion has been archived. No new comments can be posted.

  • by Rogerborg (306625) on Wednesday August 22, 2012 @03:47AM (#41078455) Homepage

    Any hack that requires physical disassembly of the lock is just ePeen waving.

    Given the choice between a $50 bit of magic juju that might work after 5 minutes of fiddling, and a $20 jimmy that will work 100% of the time in 10 seconds, I know which option 99% of "going equipped" criminals are going to go for.

    So, no, I'm not blaming the lock manufacturer here. No security is absolute, it's a question of what's reasonable.

    • by Anonymous Coward on Wednesday August 22, 2012 @03:56AM (#41078493)

      RTFA. No need to disassemble the lock - all you do is plug in a small gadget into a nokia-charger-style plug at the bottom of the lock and voilà - open door.

      • by ArsenneLupin (766289) on Wednesday August 22, 2012 @04:45AM (#41078721)

        RTFA. No need to disassemble the lock - all you do is plug in a small gadget into a nokia-charger-style plug at the bottom of the lock and voilà - open door.

        Not after the "free" workaround (cap that covers connector, and requires lock disassembly to remove) is applied.

        And I guess, if you already have disassembled the lock, you won't need the gadget to open it: a short applied directly at the actuator would do the trick too.

        So, the "bandaid-style workaround" (cap) might actually make more sense than the improved circuit board (which may only protect against the current intrusion software, but not against enhanced versions that take into account the new memory layout).

        • by adolf (21054) <flodadolf@gmail.com> on Wednesday August 22, 2012 @06:01AM (#41079007) Journal

          Forget applying a "short" "directly at the actuator" (whatever that means): If you've already got the lockset disassembled, you just unlock it mechanically; no electronics needed.

          That said, presumably (and I did R most of TFA), neat disassembly also requires access to the locked room, as is the case with most locks which are designed to be secure in only one direction.

          But without more data, I'm led to wonder if the "free" workaround cap is actually all that physically secure, anyway: Being both a retrofit and (and again I presume) only having been designed within the past month or so, and then built down to a cost that can be distributed for free, it seems entirely likely that the cap itself might still be vulnerable to defeat from outside.

          • by Andy Dodd (701)

            That's the problem - If you can just remove a few torx screws and then remove the cap, you've at most increased the time it takes to defeat the lock.

            One of the key things here is - People aren't going to notice a few missing screws immediately. An attacker could walk by, remove a screw, then get clear. Rinse and repeat until all screws are removed. In the time in between, most likely NO ONE would notice the lock was missing a screw or two - hell this happens in normal situations all the time.

        • by mark-t (151149)
          One of the operative words here is "untraceable". The hack leaves absolutely zero evidence of having been tampered with by this hack, and all the hacker has to do is put the plug cover back on, removal of which is hardly tantamount to fully disassembling the lock. Besides which, disassembling a lock that can later be easily reassembled should be something that can only be done from *INSIDE* of a unit... not from outside, as the plug they are offering does. If this port that this plug covers were only
    • Re: (Score:2, Informative)

      by Anonymous Coward

      Isn't the point of the original hack that you can do it through the exposed programming port in seconds and leave no trace? Sounds superior to a crowbar, though my experience is limited.

    • by dead_user (1989356) on Wednesday August 22, 2012 @10:08AM (#41080591)
      I can attest that hotel room doors are pretty crowbar-resistant. During Katrina I was "essential personnel" and was "evacuated" to the hotel near City Hall so I could be at the ready once the storm passed. About $70k worth of equipment came with me to the hotel room to get it more protected. (Backup servers and their ilk.) The next evening when the national guard guys took us back to our rooms to get our stuff, there were three giant gouges in my door. But the door held. I was both impressed and disgusted. These people also beat up the hotel staff because they were upset that the hotel generators didn't also run the A/C's. Eventually, the hotel was abandoned and left to them. It was just too dangerous to the staff to stay. By the second night, they had defaced much of the hotel with spray painted signs declaring the hotel the "New 4th Ward", a project (slum) from New Orleans. Granted, their homes were flooded, but so was mine. So sad.
  • by gweihir (88907) on Wednesday August 22, 2012 @04:00AM (#41078511)

    "Secure" screws are anything but. You can either print them (wax, photograph) and make matching bits pretty easily. You can even automatize this. Or you can force them with some pre-made approximations. (Yes, that may mean carrying around 50 possibles, and/or a file, but it is not hard.) There are other techniques as well, for example removal tools for broken screws or ice-spray and a hammer. Sawing a slit into the screw-head is also typically pretty easy.

    Yes, I have done it a few times. Not for these locks, but I would be surprised if they were any different.

    • by bloodhawk (813939)
      or why bother with any of that when a small crowbar will bypass it all.
      • by gweihir (88907)

        or why bother with any of that when a small crowbar will bypass it all.

        The damage is too visible, dramatically increasing attacker risk.

        • by bloodhawk (813939)
          you aren't breaking down the door, levering open a lock in many cases is unnoticeable except on closer inspection, especially if you close the door afterwards.
          • by gweihir (88907)

            Not likely on these. That was the whole point of the original hack. Otherwise Hotels would get burglarized this way all the time. They do not.

            Anyways, your comment is irrelevant here. Attach it to the original story about the hack.

            • Otherwise Hotels would get burglarized this way all the time.

              There's personnel (or other guests) walking around all the time. The risk of getting caught is probably too big for most thieves.

              Discounting the risk of getting caught, there's a very low tech attack against hotels with old-fashioned mechanical keys. Just walk by the reception desk while the receptionist is temporarily out, and grab a key...

    • by Tastecicles (1153671) on Wednesday August 22, 2012 @04:26AM (#41078633)

      tech overkill.

      I use a Gator Grip [endeavorproducts.com] and have done for fifteen years. Yes, they work, no I don't work for them. Yes they're fantastic value and no, they don't charge for replacement in case of bad workmanship, act of Dog, act of Idiot, or jamming. I've only ever had to replace the small one because I managed to break it trying to loosen a disc brake caliper.

      • by adolf (21054)

        How well does your Gator Grip work on small socket-cap Torx screws, such as those discussed in TFA?

        It looks like a lovely tool for removing things that have external facets (common hexagonal nuts and bolts), but from what I see it is a picture of failure and frustration for anything else -- especially if it is very small (which lockset screws typically are).

        • as far as I can make out, if the tool can lock more than three pins around the head or in features then it will certainly grip enough to turn. I've seen (but not played with) finework versions of the Gator, and can only assume that they work on the same principle. If you can find one with fine enough pins for the job (I would say generally not to use a socket more than twice the size of the head to ensure proper grip) then sure: if a Gator will grip a rusted screw head (it will) enough to loosen it (if ther

    • Most of these methods, except photographing, will mar or stain the screw heads, i.e. not suitable for undetected entry.

      And if undetected is not a goal, a small crowbar will do the job easier.

      • by jimicus (737525)

        How often do you think hotels have someone examine the underside of their locks?

        • How often do you think hotels have someone examine the underside of their locks?

          If something gets reported stolen (or a chambermaid claims to have been raped, ...) sure they will!

    • by TubeSteak (669689) on Wednesday August 22, 2012 @04:50AM (#41078755) Journal

      Secure screw bits are $20 for an entire set (Made in China) of all the designs.

      The only "secure" screw head is one that is custom made for you.
      Otherwise, you should be using breakaway heads or one-way screws.

      • by adolf (21054)

        I've defeated many "one-way" pan-head screws with force-multiplying pliers. Just grab and turn.

        • I googled several names but couldn't find out what force multiplying pliers are.
          I found a couple questions but no pictures.
          Ach.
          As far as I can tell they are like Vise-grips.
          Or maybe the pliers that multi-knives form when opened.
          Having almost an extra pivot.
          I still don't know how you would unscrew a one-way though.
          Well without a file or drill.

          P.S.
          Interestingly enough, I found your comment on Google trying this.

          P.P.S.
          I try to use "PS's" anytime I can.

      • by thegarbz (1787294)

        The only "secure" screw head is one that is custom made for you.

        Until someone comes with a tiny cordless Dremel and a screw extracting bit attached to the end.

      • by Kalten (20368)

        The only "secure" screw head is one that is custom made for you.

        What makes you think that? I work for a company that could not only make the screws for you, but also the bits to remove them for someone else.

        (Okay, it'd be a heck of a lot more expensive than some of the other solutions, but...)

      • The only "secure" screw head is one that is custom made for you.

        ... until somebody comes with a Gator Grip [endeavorproducts.com].

    • How about this technique? http://www.youtube.com/watch?v=oG5vsPJ5Tos&t=1m20s [youtube.com]

    • by adolf (21054) <flodadolf@gmail.com> on Wednesday August 22, 2012 @06:19AM (#41079097) Journal

      I had to defeat some stainless steel T10 Security Torx [google.com] screws in the process of doing my job, recently, as I was moving old hardware from one place to another.

      Normally, I carry a large assortment of cheap "security" driver bits with me, but alas they were not with me at the time (indeed, they were 40 miles away).

      Solution: I used a regular-old Klein T10 driver. I smashed it into the head of the screw a few times with the palm of my hand (no hammer needed), and the protruding post neatly bent over and squished itself into the valley of the Torx socket. This left plenty of surface area to neatly grab the fastener in the conventional way (with the same, and now proper driver), and remove it.

      I was fairly amused that this worked the first time. And then I repeated it 7 more times for the other screws with similar success. (The Klein screwdriver was unfazed.)

      (For the uninitiated: Torx screws intentionally require very little engagement depth to properly mate a driver to the fastener, by design. It is perhaps the singular thing they're very good at, and also the one thing that allowed them to be so easily circumvented in this case of them being modified for "security.")

      • The fact that you were dealing with stainless steel screws worked to your advantage here. Stainless is soft enough to deform under the hammer blows, but a proper hardened steel screw wouldn't do so.

      • by ledow (319597)

        I was moving some PC's that were bolted to the desks they stood on.

        Basically, the security plates were a large metal plate, secured with epoxy to the PC, to give a large surface area that then took a stiff 10mm metal cable which tied them to the desks.

        I didn't want to damage the PC casing or the desk so I had a look at what the school they were in had. They had a box of unlabelled keys along with some spare cables (so presumably they were the right keys if you could be bothered to try them all in every com

    • by JDG1980 (2438906)

      Well, there's also the fact that Torx screws aren't really that obscure to begin with.

      • by tixxit (1107127)
        Yeah. To me, torx wasn't meant for security, it was meant to say "hey, we'd rather you not remove this screw and doing so will probably void your warranty."
        • by omglolbah (731566)

          Torx is a superior head for a variety of reasons.

          Having had to deal with a myriad of the options of screws for server racks I can say without a doubt that torx saves you a ton of time and annoyance.

          All the force is applied in rotation and you do not have to keep pushing the bit into the screw-head to avoid slipping (like with positive or phillips heads).
          That, and they are a hell of a lot more durable when abused (which will happen in real world situations...)

          Use the wrong bit on a phillips head just once an

    • by Ksevio (865461)
      The advantage to "secure" screws usually is that they can't be opened using the tools your average Joe might have handy. Last I checked the swiss army knife still didn't have the bit to dismantle a bathroom stall.
    • by ceoyoyo (59147)

      Except they're torx screws, so you can just pull out your screwdriver, change the bit, and out they come.

  • Double standard (Score:5, Insightful)

    by Anonymous Coward on Wednesday August 22, 2012 @04:01AM (#41078517)

    Hmmm, we take umbrage that a company charges for a hardware upgrade to a flawed physical device, but we have gotten used to having to pay for software upgrades to get our bugs fixed. It is the second of these that is the real scandal.

    • by Zeromous (668365)

      There's a difference between bug fix and feature fix. I didn't realize vendors were charging me for bugfixes probably because they aren't.

    • by RaceProUK (1137575) on Wednesday August 22, 2012 @08:01AM (#41079497)

      Hmmm, we take umbrage that a company charges for a hardware upgrade to a flawed physical device, but we have gotten used to having to pay for software upgrades to get our bugs fixed. It is the second of these that is the real scandal.

      How much did you pay for a Windows Service Pack? Personally, I spent $0.00, consisting of a $0.00 deposit, 35 easy monthly payments of $0.00, and a final payment of $0.00 to keep it for life.

      • How much did you pay for a Windows Service Pack?

        Windows 7 has been nicknamed Windows Vista Service Pack 3 by the press, and Microsoft charges for it. So to answer your question, search for windows 7 upgrade price on Bing or Google.

  • Really a story? (Score:5, Insightful)

    by FaxeTheCat (1394763) on Wednesday August 22, 2012 @04:04AM (#41078539)
    Is this really a story? The conditions for repairs and upgrades are most likely regulated in the contract between the hotels and the supplier/manufacturer. Big deal.
  • by Anonymous Coward on Wednesday August 22, 2012 @04:05AM (#41078543)

    Many slashdotters and/or cyclists remember the whole Kryptonite debacle where their locks could be opened with a Bic pen. Kryptonite offered free replacements, with free shipping, without requiring the receipt. They ate a huge cost but saved their company's reputation. People still buy their locks.

    This company is making its customers pay for their poor design. They are done.

    • by Isaac-1 (233099) on Wednesday August 22, 2012 @04:25AM (#41078627)

      I suspect Kryptonite had a bit more markup built into their business model, this sort of recall would likely bankrupt the lock company if they offered it for free which would leave the hotels without replacement parts, or locks for new construction, etc. Remember hotels love standardization and these locks must offer remote programming from the front desk, etc.

    • by norpy (1277318)

      There is a difference here:

      Kryptonite: Large number of customers with little knowledge of the issues protecting something cheap with something cheap, this warranty will likely not be taken up en masse assuming the locks aren't already lost or rusting in a shed.

      Onity: Relatively small number of customers with large numbers of locks and highly likely to find out about the flaw who also likely pay for maintenance contracts.

    • by tixxit (1107127)
      Intel recalled all processors with the FDIV bug back in the 90s and are still king of the hill today. However, very few companies have the resources to take a hit like that and come out intact. If they aren't offering the fix for free, it is probably because they just cannot afford it. I'm sure they are not completely brain dead and realize this looks bad to them. Most likely, they did more research leading up to this decision than we did.
  • Fuck your company, I'll go someplace else for my locks. Maybe to a company that knows the LAW when it comes to selling hardware that is FIT FOR PURPOSE!

    • Maybe to a company that knows the LAW when it comes to selling hardware that is FIT FOR PURPOSE!

      Maybe they are perfectly within the law. In the UK, consumers cannot waive protections given by the Sales of Goods Act, but businesses can. It's not as black and white for businesses as it is with consumers. Exactly which law do you think the lock company should know, and how do you know they're breaking it?

      I do agree though - go elsewhere for locks. Even if not contractually or legally obliged to do so, with such a sloppy and blatant design issue, Onity should be picking up the tab. Hopefully the bigger ch

      • Re:You know what? (Score:5, Informative)

        by Tastecicles (1153671) on Wednesday August 22, 2012 @05:16AM (#41078841)

        1979 (c. 54) provides:

        14 Implied terms about quality or fitness.

        (1)Except as provided by this section and section 15 below and subject to any other enactment, there is no implied term about the quality or fitness for any particular purpose of goods supplied under a contract of sale.
        (2)Where the seller sells goods in the course of a business, there is an implied term that the goods supplied under the contract are of satisfactory quality.
        (2A)For the purposes of this Act, goods are of satisfactory quality if they meet the standard that a reasonable person would regard as satisfactory, taking account of any description of the goods, the price (if relevant) and all the other relevant circumstances.
        (2B)For the purposes of this Act, the quality of goods includes their state and condition and the following (among others) are in appropriate cases aspects of the quality of goods—
        (a)fitness for all the purposes for which goods of the kind in question are commonly supplied,
        (b)appearance and finish,
        (c)freedom from minor defects,
        (d)safety, and
        (e)durability.
        (2C)The term implied by subsection (2) above does not extend to any matter making the quality of goods unsatisfactory—
        (a)which is specifically drawn to the buyer’s attention before the contract is made,
        (b)where the buyer examines the goods before the contract is made, which that examination ought to reveal, or
        (c)in the case of a contract for sale by sample, which would have been apparent on a reasonable examination of the sample.

        emphases mine.

        If a lock is described as a lock, and looks like a lock, is it unreasonable to expect it to perform as such? I don't think so.
        If a device is described as a lock and does not in fact perform that function, to the point where intervention is required, then is it unreasonable to assume that the defect is by design? I would say not.

        Therefore, the effect of the failure of the product to perform *as advertised* constitutes a material breach of contract, one which should be pursued for restitution and remedy.

        DISCLAIMER: IAAL.

        • Re:You know what? (Score:5, Insightful)

          by adolf (21054) <flodadolf@gmail.com> on Wednesday August 22, 2012 @06:46AM (#41079195) Journal

          If a device is described as a lock and does not in fact perform that function, to the point where intervention is required, then is it unreasonable to assume that the defect is by design? I would say not.

          It is common knowledge that locks only keep out honest people.

          Corollarily, a lock which allows entry by dishonest people is still a lock.

          If it were a mechanical lock with pins and tumblers, it would be defeatable by dishonest people. This lock happens to be electronic, and is also defeatable by dishonest people.

          I don't see the difference in the context that you specify.

        • Therefore, the effect of the failure of the product to perform *as advertised* constitutes a material breach of contract, one which should be pursued for restitution and remedy.

          Absolutely — provided that this term is actually incorporated into the contract, which is the key issue here. (Let's assume that English law applies here.)

          Although the term is an "implied term," and thus can exist even if it is not written into a contract (if there is a written contract) or expressly stated as part of the agreement, there's no general principle of law which says that implied terms cannot be excluded. Instead, we have to look to specific laws on this.

          For this particular term, sect

        • by thegarbz (1787294)

          DISCLAIMER: IAAL.

          Of course you are. This is blatantly an advertisement for your services against lock makers of the world given how every house in America can be broken into with a lockpick. Does that make it defective by design?

          I smell a class action.

    • by wvmarle (1070040)

      Shopping around may be a good idea for a new set-up, but this has to do with existing hotels.

      Replacing the lock means purchasing a complete new set of locks, purchasing a complete new set of key cards and programming equipment, labour cost of replacing all these locks plus probably adaptations to the existing doors and door frames, possibly even the need to replace all the doors because there is no way to fit the new lock in the existing space in a good looking way.

      Going with the upgrade option on offer sou

      • Security is all about raising the cost of intrusion beyond the value of intrusion; the cost of intrusion for these locks will decrease rapidly as the knowledge of how to build the lock-cracker spreads. At first it will only be people with the time to reproduce the hack; then when one of these is unscrupulous enough to spread this information, it will be enough to be merely proficient with a computer and a soldering iron. Then people will start selling them and anyone who just knows it's possible will be a

  • Say what? (Score:5, Insightful)

    by Ignacio (1465) on Wednesday August 22, 2012 @04:30AM (#41078649)

    Torx? Obscure? What decade do they think this is?

    • by wvmarle (1070040)

      Well, insofar, it's not one that I have in my toolbox. That's how obscure and uncommonly used they are.

      It's also not one that I couldn't buy at the local hardware shop, if I'd need one.

      • by isorox (205688)

        Well, insofar, it's not one that I have in my toolbox. That's how obscure and uncommonly used they are.

        It's also not one that I couldn't buy at the local hardware shop, if I'd need one.

        Yet the standard screwdriver set I keep in one of our overseas offices cost under USD10 and contains 4 different sizes

      • by tixxit (1107127)
        Are you sure? The $50 socket set I bought years ago has a screw-driver attachment with several sizes of torx bits. I also have a few others lying around, not sure where they came from. Probably from replacement screens for my phone and things like that.
      • by ceoyoyo (59147)

        You have both a crappy toolbox and a crappy hardware shop.

        I have to admit, I'm not exactly sure where my T10 is at the moment, because people keep borrowing it because they're used in all sorts of things. But you can generally find cheap torx sets at the local dollar store and sometimes convenience and gas station stores. No need to even go to a hardware store.

    • by dissy (172727)

      Torx? Obscure? What decade do they think this is?

      Exactly what I was thinking! I picked up one of these nice "100 piece security bit" sets from a local store for $10. Even at Amazon it's only $13 plus shipping.

      http://www.amazon.com/Neiko-100-Piece-Security-Bits-Storage/dp/B000O5XDOG [amazon.com]

      Product Description
      100 pc. Security Bits Set Security bits set contains many of the most common tamper proof type security bit sizes, including tri-wing bits, torx bits, spanner bits, and hex bits. Security bits set contains: 1 - wing nut driver. 1 - magnetic bit holder. 1 - socket bit holder. 1 - 1/4" sq. x 1/4" hex x 1" extension. 1 - 1/4" sq. x 1/4" hex x 2" extension. 3 - clutch bits (# 1, 2 & 3). 3 - torq bits (# 6, 8 & 10). 3 - spline bits (M-5, 6 & 8). 4 - tri-wing bits (# 1, 2, 3 & 4). 4 - square recess bits (# 0, 1, 2 & 3). 4 - spanner bits (# 4, 6, 8 & 10). 6 - metric hex tamper proof bits (2, 2.5, 3, 4, 5 & 6). 6 - SAE hex tamper proof bits (5/64, 3/32, 7/64, 1/8, 9/64 & 5/32). 8 - phillips bits (0, 1, 2{5} & 3). 8 - pozi drive bits (0, 1, 2{5} & 3). 9 - slotted bits (3, 4, 4.5, 5, 5.5, 6, 6.5, 7 & 8). 9 - metric hex bits (1.5, 2, 2.5, 3, 4, 5, 5.5, 6 & 8). 9 - torx bits (T-8, 10, 15, 20, 25, 27, 30, 35 & 40). 9 - torx tamper proof bits (T-8, 10, 15, 20, 25, 27, 30, 35 & 40). 10 - SAE hex bits (1/16, 5/64, 3/32, 7/64, 1/8, 9/64, 5/32, 3/16, 7/32 & 1/4). Set includes plastic storage / carry case.

    • Here in Finland you can buy torx-screwdrivers from any store that sells any kinds of screwdrivers, ie. even your average small-time store has those. Hell, you'd actually be somewhat hard-pressed to find a screwdriver kit without torx. I really have a hard time believing finding torx-tools in the U.S. is that much more difficult.

  • Torx? Secure? Is this some kind of security through obscurity that this company are obviously so good at?

    I've lost count of the number of torx screwdriver sets I have.

  • Sweet. (Score:5, Funny)

    by Impy the Impiuos Imp (442658) on Wednesday August 22, 2012 @04:49AM (#41078747) Journal

    > "as well as more-obscure Torx screws to prevent intruders from
    > opening the lock's case and removing the plug"

    Because nobody capable and determined enough to rig up the electronic interface for $50 can handle the mental and financial stresses of a $10 Torx set from the hardware store.

    "Well, we got the device. Open it up."

    "Whoa! What kind of screws are these?"

    "Lemme look -- MY GOD, IT'S FULL OF STARS!"

  • by twosat (1414337) on Wednesday August 22, 2012 @05:07AM (#41078811)

    I remember reading years ago about Matt Blaze, a security researcher at AT&T Labs-Research who discovered how to create a master key from a key and a lock which is opened by it. His method was a trade secret used by many locksmiths, which pissed them off when he publicised it.

    http://it.slashdot.org/story/03/01/23/0359230/att-identifies-widespread-security-hole---in-locks [slashdot.org]

    http://www.nytimes.com/2003/01/23/business/many-locks-all-too-easy-to-get-past.html [nytimes.com]

  • Hotel In room "safe" (Score:5, Informative)

    by trout007 (975317) on Wednesday August 22, 2012 @05:13AM (#41078827)

    I was staying in Marriott and they have a small in room safe. It's the kind with a digital keypad where you select your own code. I put stuff in there while we went to the pool.

    When we got back I guess one of the kids was playing with it and it stopped responding because they pressed too many buttons. So I looked it up online. All I had to do was press "lock" twice to enter supervisor mode then 999999 and it opened the safe bypassing my code.

    So don't use those safes for anything real valuable. Next time I have to play around with supervisor mode to see if I can change that password.

    • by srussia (884021) on Wednesday August 22, 2012 @05:33AM (#41078897)

      All I had to do was press "lock" twice to enter supervisor mode then 999999 and it opened the safe bypassing my code.

      "six-nines" availability!

    • by isorox (205688)

      I was staying in Marriott and they have a small in room safe. It's the kind with a digital keypad where you select your own code. I put stuff in there while we went to the pool.

      When we got back I guess one of the kids was playing with it and it stopped responding because they pressed too many buttons. So I looked it up online. All I had to do was press "lock" twice to enter supervisor mode then 999999 and it opened the safe bypassing my code.

      So don't use those safes for anything real valuable. Next time I have to play around with supervisor mode to see if I can change that password.

      If I'm staying in a dodgy city for a period of time, I spread the risk. £100 and passport copy in the safe, normal wallet and passport on me, and I always keep a credit card in my dirty laundry in the suitcase just in case.

    • by trout007 (975317)

      I forgot. I took a video of it. It's a Safemark safe.

      http://youtu.be/UYjJuE7l7VM [youtu.be]

  • If the hack requires someone to physically open up the lock with a screwdriver and pull a plug out from the mechanism, it's not really something that can be done quickly and easily without likely attracting attention. Sure, a screwdriver is a lot less noticeable than say a blowtorch or a hacksaw, but most people would notice it if they were walking down the hallway and wonder what is going on.

    In other words I doubt many people would find this to be a practical hack to employ. They'd likely be more succe
    • by drinkypoo (153816)

      I can remove two security torx screws in five seconds or less with some practice and the right screwdriver. That is a non-fix.

  • The thing about any security issue is you've got to weigh up the cost versus the benefit.

    First off: The hotel doesn't really care about the fact your digital camera might have holiday snaps from your once-in-a-lifetime holiday on there. Nor do they care that you brought your laptop (complete with the only photographs you have of your recently-deceased granny) and haven't backed it up lately.

    All they care about is "How much is failing to fix this going to cost us? Will it be more than the cost of fixing it?"

  • This doesn't affect me because I keep all my valuables in the hotel safe [youtube.com]!
  • by kaizendojo (956951) on Wednesday August 22, 2012 @09:09AM (#41079907)
    that Onity guaranteed the locks to be unhackable. A researcher discovered a flaw, they are offering two solutions to correct it; one free and one (better) for a reduced price. What's the issue? Maybe I'm missing something, but they seem to be acting fairly and responsibly.
  • That hack needs access to a debug/programming interface. Shouldn't that interface have been protected by a _mechanical_ lock in the first place?
