Published November 30, 2012
You might want to think twice about leaving your valuables in the hotel room.
Millions of hotel rooms around the world are believed to be at risk of hacking break-ins after a 24-year-old Mozilla software developer figured out how to pick a widely used room lock from a company called Onity.
Forbes first reported that the compromise came about because of a security flaw in Onity's hotel door locks, and now hotels are scrambling to fix the problem after a string of robberies in Texas.
Some hotels have reportedly resorted to quick-fix solutions by putting epoxy putty onto the bottom holes on the locks, or have hired extra security guards.
Hyatt Hotel, one of the properties targeted in the robberies, told FoxNews.com that safety and security is the primary concern for their guests.
"Hyatt is working together with Onity, our hotel owners, and the hotel industry to ensure that Hyatt properties using Onity locks have a comprehensive solution in place as soon as possible," it said in a statement to FoxNews.com. "Hyatt hotels with the affected model locks implemented various security measures to help mitigate the potential vulnerability. To maintain the integrity of these security systems, we cannot provide specific details about those steps."
The security flaw was first demonstrated by Mozilla software developer Cody Brocious at the Black Hat hacker conference in July. Brocious showed how he could simply unlock a hotel door in a couple of seconds by using tools that cost around $50, which he could easily hide in a dry erase marker pen or an iPhone case.
Just months later -- in September -- a laptop was stolen from the Hyatt hotel room of Dell IT services consultant Janet Wolf via a hack that had been demonstrated by Brocious, Forbes reported. Police later told NBC News that they arrested Matthew Allen Cook on Oct. 31, after the stolen laptop showed up at a pawn shop and employees identified the suspect.
Bruce Schneier is a security technology blogger. He says Onity has a big problem on their hands and guests should be better informed of the situation. "That it is possible that anyone can pick their room lock and enter their hotel room," Schneier says. "Those of us who work in the security of technology know that more technology doesn't necessarily mean more secure. Sadly, this is an example of that," he says.
After the break-ins, Onity issued a response that laid out ways customers could perform repairs -- while paying out of pocket for the fix. That has since been removed from Onity's website. The company is now suggesting that people call its helpline, which it says is staffed with specialists who can help.
Onity told FoxNews.com that it is working hard to ensure the safety and security of its products after the flaw was brought to its attention.
In a statement to FoxNews.com, Onity said, "Immediately following the hacker's public presentation of illegal methods of breaking into hotel rooms, Onity engineers quickly developed both mechanical and technical solutions to address the issue."
The two security firms that tested the solutions are N2Net Security and Applied Communications Services; however, Onity did not mention what the solutions are.
"These solutions have been tested and validated by two independent security firms, and are available to customers worldwide. All requests for these solutions have already been fulfilled, or are in the process of being fulfilled," the company said.