A security vulnerability in certain hotel keycard systems, detailed by security researcher Cody Brocious at the Black Hat security conference earlier this year, is thought to be responsible for break-ins at a Hyatt hotel in Houston, Texas.
In September this year a Dell services consultant entered her room to find that her laptop had been taken. There was no sign of forced entry and a scan of the electronic lock’s systems found that none of the staff’s keys were used to access the room. The burglary investigation turned up one of the missing laptops taken from the hotel and a suspect, 27-year-old Matthew Allen Cook, was arrested and charged.
Houston police have not confirmed how Cook supposedly gained access to the rooms but Hyatt franchisee White Lodging reportedly believes that he used the security vulnerability to gain access to the room.
The flaw, found in some 4 million door locks provided by keycard lock manufacturer Onity, allows someone to gain access to a hotel room with hardware to the value of around $50 and a bit of open source software.
Insurance firm Petra Pacific has also reported that at least three other hotels in Texas have been similar break-ins attributed to the flaw. Onity only has one measure in place to secure the at-risk doors, a circuit board replacement that the company is asking affected hotels to cover the cost of performing.
Source: Ars Technica