News for the Hospitality Executive |
December
6, 2012 - This morning,
NBC News reporter Jeff Rossen ran a segment on the TODAY Show (available
for viewing here) highlighting Onity lock vulnerabilities. As
part of
the report, independent security consultant Jim Stickley demonstrated
the
hacking device and the ease with which it can be used to gain access to
hotel
rooms.
This nationally-broadcast report may generate sufficient interest with local and regional media outlets for similar stories. As a reminder, below is information on the issue sent earlier this week. Please review this information, which includes a revision to the "What You Can Do" section as well as AH&LA's updated statement. Media
Coverage Regarding Possible Guestroom
Burglaries Attributed to Hotel Room Lock Vulnerabilities
What's Going On There have been several reports of guestroom burglaries attributed to suspects using laptop computers and key cards in California, Florida, and Texas. AH&LA alerted members in July that a hacker had created a device to open Onity guestroom door locks. Members also have reported the use of similar, smaller devices concealed in iPhone cases and Dry Erase marking pen bodies that plug into the door locks. These show up on the lock readout as a “portable programmer” use, but no serial number for the portable programmer is noted. Members have raised concerns that the complimentary cap and security screw mechanical fix being provided by Onity has a technical glitch in newer models. Additionally, members have indicated there are delays in a sufficient number of replacement boards. At the request of the industry, Onity undertook a third-party review of its circuit board fix, which was just provided to the industry last week. Additionally, some chains are conducting their own internal investigations on the security of the circuit boards. Please contact Onity directly at (800) 924-1442 with any questions you may have. What You Can Do
There have been reports of guestroom burglaries attributed to suspects using laptop computers and key cards to open Onity guestroom door locks. The device can be concealed in an iPhone case and a Dry Erase marking pen body and plugs into the door locks. The lodging industry is working closely with Onity to address vulnerabilities identified in certain models of Onity hotel locks. One of the two fixes, a cap and security screw mechanical option, is being provided to hotels by Onity at no cost. Onity is currently requiring all hotels to pay for a second technical fix involving re-flashing and lock control board replacement. The industry is working collaboratively to determine what Onity models are affected, which hotels the locks are installed in, which of the two fixes to obtain, and once received, assigning the employees to implement the fix as quickly as possible. The lodging industry views guest and employee safety as a top priority. According to industry figures for 2011, there are 4.9 million rooms and 52,000 properties in the U.S., which all use different lock vendors and models. In the 30 years since electronic locks were introduced, they have been a great asset to hotel security. The hotel rekeys each time a guest checks in as opposed to replacing actual keys, and the electronic keys allow for an audit trail to identify who has entered the room. To view AH&LA’s award-winning Guest Safety Tips, click here. About the AH&LA
Serving the hospitality industry for a century, AH&LA is the sole national association representing all sectors and stakeholders in the lodging industry, including individual hotel property members, hotel companies, student and faculty members, and industry suppliers. Headquartered in Washington, D.C., AH&LA provides members with national advocacy on Capitol Hill, public relations and image management, education, research and information, and other value-added services to provide bottom-line savings and ensure a positive business climate for the lodging industry. Partner state associations provide local representation and additional cost-saving benefits to members. |
Contact: AH&LA ahla.com |