Hotel Online
News for the Hospitality Executive




Security Breach Affecting 4 Million Hotel Room Locks: NEW ATTACKS REPORTED;
Updated Version of the 'LOCKFIX White Paper' Now Available
 
 
Affected hotel records (location, phone numbers, name…) exposed to the criminal community
as a result of a new attack (November 5th) towards the lock manufacturer's servers;
A truly effective and fully audited solution to re-secure affected Onity locks is independently
provided by OpenWays with a freeware license (LOCKFIX)



Chicago — November 20, 2012
— Aftermath from the recent security breach impacting more than four million electronic door locks installed worldwide continues to wreak havoc on the hotel industry. First disclosed by Forbes.com and presented at the BlackHat security conference in July, hacker Cody Brocious released the necessary technical information and code on his website (http://daeken.com/) to over-ride an Onity lock by using tools disguised inside both a dry erase marker pen and an iPhone Case. Soon afterward, a Crime Alert was issued by a respected hospitality risk management group that reported "actual guestroom burglaries and guest thefts by use of these devices." According to the report: "Multiple rooms have been hit at several hotels". The casualties don't stop there.

On November 5, Brocious published a link on Twitter that facilitated penetration within Onity servers. This made it possible for the criminal community to copy records needed to pinpoint the location of affected hotels that installed the compromised locks. Equally concerning, the infiltrated records provide details that hackers could leverage to perform new attacks via social engineering. Although the breached server-access was eventually closed -- it took an extremely long time to re-secure the servers -- criminals would have had plenty of time to copy records from these exposed hotels.

This new attack demonstrates that the hacker remains extremely focused on Onity, and is likely not to be completed with his attacks on the company and its products. Significant media coverage of these attacks are further energizing the entire hacking community, keeping hotels and travelers at risk.
 
Background of the Attack and Possible Cure
While Onity responded to initial hacker attacks with a proposed plan (http://daeken.com/onitys-plan-to-mitigate-hotel-lock-hack), Brocious publicly challenged the efficiency and security of the possible cure. To date, the company has not been able to provide a complete end-to-end security audit of its full system conducted by independent, and highly reputable security firms. According to security experts, the four-page report provided by Onity is said to be extremely limited, incomplete and non-conclusive. Hotels purchasing the proposed replacement control board as a cure remain extremely exposed to a variation of the initial attack, as the fundamental issues of the locking system are still not resolved and continue to be in the public domain. As part of the proposed plan, hotels are instructed to use a cap secured by a torx screw. This, however, is only a short-term security solution for affected hotels until a long-term and proven fix developed by the manufacturer is applied to all locks. It is recommended to increase physical security at a property when using this temporary fix.
 
Several consequential and serious security threats were not published by the hacker but security experts were able to identify them, further increasing the risk for hotels of new attacks even after having invested in a costly lock control board replacement.

To inform qualified hoteliers about these and other risks, a restricted version of a White Paper is made available upon execution of a confidentiality agreement.

Proven, Audited LOCKFIX available from OpenWays
A truly effective alternative cure developed independently from the lock manufacturer is now available from OpenWays, the world leader in mobile-based access management solutions. LOCKFIX is fully audited by several highly reputable security firms, confirming its effectiveness. Management software, along with the Android smartphone application to use LOCKFIX, is available via freeware license (free of charge license) from OpenWays.
 
"LOCKFIX is the only long-term solution available today to truly cure the affected locks," said Pascal Metivier, OpenWays Founder and CEO. "LOCKFIX addressed the risk related to the incriminated lock communication port breach. It's proven, easy to deploy, highly effective and available immediately from OpenWays."

To view OpenWays' Educational Video, click on the following link:

To request the updated version of the White Paper
that identifies problems with electronic locks installed in more than four million hotel room doors, and offers an independently security audited "LOCKFIX":



About OpenWays

OpenWays is a global solutions provider of mobile-based access-management and security solutions. With offices in Chicago, Las Vegas, Seoul and in Europe, OpenWays provides technology solutions allowing for the secure issuance and delivery of access rights and keys processed via any cell phone operating on any network. The OpenWays solution is truly unique as it is built on the concept of credential dematerialization. The OpenWays mobile room key solution works on ALL the 6.5 billion cell phones in service in the world today. For more information, please contact Andrew Sanders at +1 732 707-1869 or email asanders@openways.com. More information can be found by visiting www.OpenWays.com.
 
OpenWays has developed its cure for the impacted locks independently and no endorsement of the affected lock manufacturer is intended or implied. (*) other major non published security threats were discovered. In the interest of everyones safety, it is OpenWays policy to not publicly disclose security threats. Such “reserved “information will only be made available to pre-qualified hoteliers.

.
Contact:

Barb Worcester
PRPRO /OpenWays
Tel: (440) 930-5770
barbw@prproconsulting.com

or

Andrew Sanders
OpenWays
Tel:  (732) 707-1869
asanders@openways.com


.
Receive Your Hospitality Industry Headlines via Email for Free! Subscribe Here  

To Learn More About Your News Being Published on Hotel-Online Inquire Here

Also See: OpenWays Announcing: MOBILE KEY TRIO with Triple Play Reader Including CAC™, Pure NFC™ and RFID technologies for Upgrading Existing Electronic Locks / November 2012

Hotel Lock Security Breach Affecting Four+ Million Rooms: Educational Video and Updated White Paper Now Available / October 2012

Hotel Lock Security Breach Affecting Four Millions Rooms: White Paper Now Available; Latest security threat is a device hidden inside a dry erase marker pen; News of hotel door locks being breached by hackers has gone viral; Hotels vulnerable to potential attacks are invited to register to receive a White Paper detailing an independently audited cure / October 2012

The Security Breach Affecting Millions of Hotel Rooms Finally Addressed Thanks to the Power of Smartphones; A freeware license is made available to all hotels affected worldwide. / October 2012

Holiday Inn Express Hotel & Suites Duncan, Oklahoma, Opening this Month with Mobile Key by OpenWays; New construction hotel is scheduled to open Sept. 20 with OpenWays' front-desk bypass option that enables travelers to unlock their room doors via mobile device / September 2012

New iPhone 5 Allows Hotel Guests Worldwide to Check In and Open their Room Lock; As anticipated, the newly-launched iPhone 5 is compatible with the Mobile Key by OpenWays Crypto Acoustic Credential (CAC) technology / September 2012

In a Top-to-Bottom Shakedown of How to Make a Difference by Exploiting Best of Breed Solutions, New Chain Ciena Hotels & Suites will Bristle with New Guest Facing and Operational Technology / August 2012

Mobile Services Top Airlines' Priority Lists; To Meet Travelers' Expectations, Hotels Need to Invest in the Same / Andrew Sanders / August 2012

OpenWays Launches NFC Integration with Mobile Key DUAL - 100% Operating with Any Mobile Phone Deployable TODAY / June 2012

MIWA Unveils its Hotel Locks Integrated with Mobile Key by OpenWays; Leading global electronic lock provider partners with OpenWays to bring Mobile Key front desk bypass solution to leading hotel chains around the world / June 2012

'Key' Questions to Consider When Shopping for Future-Proof Locking Solutions with Mobile Phone-Based Front Desk Bypass in Mind / June 2012

Does Your Mobile Presence Measure Up to Guest Expectations? Five Top Tips to Fill the Mobile Gap by Driving Loyalty, Increasing Direct Revenues and Reducing Costs; Use these Top Tips as a guide and visit OpenWays in Booth #2315 at HITEC / Andrew Sanders / June 2012

8 Reasons Why a Mobile Key Front Desk Bypass Solution Aids Travelers' Psychological Health; An article in Psych Central titled '8 Reasons Why Waiting in Line Drives us Crazy' identifies key factors that make waits seem longer; Mobile Key by OpenWays eliminates those eight factors and more / Pascal Metivier / June 2012

Holiday Inn Express Hotel & Suites Marion, Illinois, to Open Doors with Mobile Key by OpenWays; New construction hotel is scheduled to open in early May with OpenWays' front-desk bypass option that enables travelers to unlock their room doors via mobile device / April 2012

DOCOMO interTouch Announcing 'FREEDOM CHECK IN' Powered by OpenWays Mobile Key to Add Front Desk Bypass Solution to its Offering; DOCOMO InterTouch announces its strategic alliance with OpenWays / April 2012

Landmark Luxury Property 'The Hotel' Brussels is First in Belgium to Adopt Mobile Key by OpenWays; Highest building in Brussels is bristling with technology, including offering OpenWays' smartphone apps to allow guests to bypass any front desk line and get straight to their rooms without delay / March 2012

Made Only of Data, Mobile Key by OpenWays is 'Key' to a Greener Earth; There are no keycards greener than the OpenWays Crypto Acoustic Credential that enables hotel guests to unlock their rooms via mobile phone / February 2012

Ciena Hotels & Suites Sees Mobile Key by OpenWays as Key Differentiator for New Brand / February 2012

The Ascott Limited to Assess OpenWays Mobile Key Front Desk Bypass at Citadines Apart'hotels in Lyon and Cannes, France / February 2012

OpenWays Announcing: Mobile Key DUAL© with Pure NFC™ in Cooperation with Nordic Choice Hotels, NOKIA and NXP / January 2012

Mobile Key by OpenWays Named 'Top Innovation' by Lodging Magazine / January 2012

OpenWays CEO, Pascal Metivier, Addressed Hospitality Technology Leaders at HTNG's European Event About Front-desk Bypass Solutions / November 2011

Self-Service = More Service with Mobile Key by OpenWays; Hospitality industry's leading provider of front-desk bypass solutions is equipping mobile-centric travelers with tools that get them to their destination quicker and hoteliers with a means to deliver more services / November 2011

OpenWays Announces Next Generation Mobile Key Apps for Smartphones; Mobile Key Apps now available for ALL smartphone operating systems; Visit OpenWays in Booth #3172 at IH/M&RS Nov. 13-15 in New York / November 2011

OpenWays Introduces 'Mobile Key' for Independent Hotels;To meet the growing demand among non-branded hotels wanting a Mobile Key Front-Desk Bypass Solution, OpenWays is introducing a cost-effective and secure option for Independents that harnesses mobile technologies to reduce costs, improve financials, and drive guest loyalty / October 2011

OpenWays Introduces Mobile Master Key; OpenWays simplifies hotel master key management by harnessing mobile technologies to make all locks 'on line' without costly infrastructure: Visit OpenWays in Booth #3172 at IH/M&RS Nov. 13-15 in New York / October 2011

Delighting Guests Does Not Drive Loyalty; Reducing Their Effort Does; Mobile Key by OpenWays is driving loyalty and brand stickiness by easing check-in/out processes / October 2011

First Impressions Count: Five Things to Set the Scene for Your Guests’ Stay, Make their Arrival More Enjoyable, and Build Loyalty via Convenience and Choice / Andrew Sanders / September 2011

Mobile Key by OpenWays: The 'SMARTER' and 'Greener' Check-In; At HITEC 2011, OpenWays will present -- with Ariane Systems and KABA® Saflok™ -- the 'SMARTEST' check-in solution deployed TODAY! / June 2011

OpenWays Unveils its Next Generation Door Lock Upgrade Module for Mobile Key Front Desk Bypass Service / June 2011

OpenWays and KABA Unveil All-In-One Saflok RFID Lock with Factory-Integrated OpenWays Mobile Key / June 2011

Can Self Service Mean More Service? YES! With OpenWays' Mobile Key / May 2011

Offering Self-Service Options is Key to Hospitality Loyalty; OpenWays is the 'Mobile' Key to Making it Happen / January 2011

iPhone 5 will be Compatible with OpenWays CAC™; All next generation smartphones, including the iPhone 5, Google Android Phones, Windows 7 Mobile Phones, Nokia C7 and N8 Smartphones or Next Generation Blackberry's will be able to operate the OpenWays Crypto Acoustic Credential™ / November 2010

OpenWays: Check In Today All the Way to Your Room Using 'Your' Cell Phone, ANY Model and ANY Carrier / November 2010

Hotel Technology Veteran Andrew Sanders Joins OpenWays as VP Business Development / November 2010

Mobile-Key Platform Displayed at IHMRS Aiding in National Industry GREEN Efforts; There are no key-cards greener than the OpenWays Crypto Acoustic Data Credential that allows hotel guests to check in to their rooms via mobile phone / October 2010

"CHECK IN YOUR WAY" OpenWays Launches New Campaign to Aid Hotels' Mobile Marketing Initiatives / October 2010

OpenWays Mobile Application is Live at a Holiday Inn and Holiday Inn Express Hotel; The world's first mobile front desk bypass solution is up and running at two IHG properties / September 2010

Aitor Agueda Joins OpenWays as VP of R&D; Twenty-five year hospitality and security systems veteran instrumental in designing the most installed and successful electronic-locking systems in North America joins OpenWays to lead R&D efforts; Maurizio Zama promoted to Chief Operating Officer / September 2010

OpenWays Cell Phone Based Front Desk Bypass Solution is Adding to the Business Traveler Experience; HITEC attendees using OpenWays app to enter Guestroom 20X said the mobile room key solution, which gives travelers freedom to completely bypass the front desk by using their cell phone for guestroom access, is ideal for all guests who want to avoid lines at the front desk; Company answers new questions posed at the premier technology event / July 2010

Front-Desk Bypass Cell Phone Solution: OpenWays Announces First Pilots at a Holiday Inn and Holiday Inn Express Hotel; OpenWays and IHG will pilot a new cell-phone-based front desk bypass solution that offers guests the option to use their personal cell phone as a mobile room key / June 2010

OpenWays Mobile Phone Front Desk Bypass Solution Selected for Guestroom 20X at HITEC; Attendees of the 38th Annual Hospitality Information Technology Exposition & Conference will have an opportunity to check into a virtual hotel, bypass the front desk, and open their room door securely using nothing but their cell phone -- any mobile device, any carrier works! / May 2010

OpenWays Opening Doors to Gen Y Travelers Wishing to Bypass Front Desk; Allowing guests to check-in remotely by equipping door locks to open via any cell phone is ideal for attracting this green-conscious, tech-dependent, instant gratification generation / May 2010

OpenWays Selected by Microsoft® to Join Its BizSpark™ Start-Up Program; Developer of the world's first crypto acoustic solution for check-in/out and room access via any mobile phone to receive full Microsoft marketing support, tools, licensing, and global visibility / April 2010

ITB Berlin Attendees Flock to OpenWays' iPhone App for Front-Desk Bypass, Acoustic Room Keys; Attendees at world's largest trade show for the travel industry flocked to see world's first crypto acoustic solution for check-in/out and room access via any guest's mobile phone; OpenWays was one of 11,127 companies from 187 countries that exhibited at the record-breaking event / April 2010

OpenWays Presents its iPhone Application to Bypass Front Desks and Open Room Locks; Mobile solution provider that developed the world's first crypto acoustic solution for check-in/out and room access via any guest's mobile phone announces new services to further enhance operations and guest services. / February 2010

OpenWays Responds to FAQs Regarding its Front Desk Bypass Solutions that Securely Open Hotel Room Doors by Cell Phone; Mobile solution provider that developed the world's first acoustic solution for check-in/out and room access via a guest's mobile phone regardless of type answers hospitality industry's most frequently asked questions / February 2010

100% of the World Cell Phones to Open Doors with OpenWays' Apps; Hospitality's FIRST Check-In /-Out Solution with Mobile Room Key Delivery for ALL Cell Phones is at IH/MRS! / November 2009

4 Billion Cell Phones Now Opening Doors to Better Guest Service Thanks to OpenWays / October 2009

OpenWays Introduces the Fastest and Greenest Way to Check In and Open a Hotel Room Door; Mobile room-key application for ALL cell phones NOW AVAILABLE / October 2009
..
.

To search Hotel Online data base of News and Trends Go to Hotel.OnlineSearch

Home | Welcome | Hospitality News
| Industry Resources

Please contact Hotel.Online with your comments and suggestions.