Forbes has a story sure to make travelers paranoid: It seems that burglars have begun taking advantage of a bug in the keycard locks used on hotel room doors. Several burglaries using the technique took place at the Houston Hyatt in September, and more are suspected at other Texas hotels, writes Andy Greenberg. Security experts expect more to follow given that the model of lock in question, made by Onity, is used in about 4 million hotel rooms worldwide.
This all started in July when Mozilla software developer Cody Brocious made the flaw public at the Black Hat hacker conference. His intent was to publicize it so hotels and Onity could fix the problem, but that didn't happen, even though Greenberg wrote about it at the time. Instead, Brocious' technique seems to have been refined by burglars, who can build what amounts to their own master key for about $50. The Houston Hyatt has filled a hole in the vulnerable locks with glue, but a longer-term fix remains unclear. It will be expensive, and there's a dispute over whether Onity or the hotels using its locks must pay for the upgrade. Read Greenberg's full story here.