Hotel burglars suspected of exploiting lock security bug
- 27 November 2012
- From the section Technology
Burglars seem to be exploiting a bug in widely used electronic door locks to steal from hotels.
The bug was first publicised at a hacker conference in July, showing how a simple electronic device could unlock doors in seconds.
A series of thefts from hotels in Texas is being traced to a burglar who unlocked doors with the same technique.
Insurance firms said they expected to be "hit hard" as knowledge of the hack spread among professional thieves.
Independent security researcher Cody Brocious detailed the technique for defeating locks used to secure more than four million doors, at the Black Hat hacker conference in July.
Since his discovery, the technique has been refined by other security researchers, with one squeezing all the electronics to unlock a door into the body of a marker pen.
Forbes reports that burglaries of a few rooms at the Houston Hyatt and three other unnamed hotels in Texas have been traced to thieves exploiting the loophole Mr Brocious discovered.
A letter from the Hyatt to one of the victims revealed that the locks had been picked with a "digital tool".
Mr Brocious' technique involved inserting a digital probe into a small hole on the door lock mechanism that lets an attacker discover the combination for the lock and open it.
A man has been arrested and charged over the burglaries at the Hyatt hotel, but no suspect is in custody for the other thefts.
The Hyatt Houston said it had taken steps to harden doors against attack by filling the tiny hole with thick glue.
Before now Onity, which makes the locks attacked by Mr Brocious, said it was working with customers around the world to remove or replace locks vulnerable to attack. Onity has not released any statement about the latest attacks.
Insurance brokers interviewed by Forbes said they expected knowledge of the vulnerability to spread quickly even though many users of Onity locks have replaced or fixed their locks.
"We're going to get hit hard over the next year," Todd Seiders, a spokesman for Petra Risk Solutions, told Forbes.