Onity makes headlines.


Go figure. Someone releases a flaw, and it got used. Onity though, should own up to their shortcomings and replace all of them at their own costs or offer alternatives free of charge and fix all of them on their own dime. They shouldn't be putting the cost on the hotels.

Like auto recalls mentioned in the article, I imagine, if they don't, hotels could get a MAJOR class action suit against Onity, which could end up putting them out of business if no one will ever use them again and a better alternative comes out, such as hotels implementing networked door locks with thumb scanners and hotel biometric scanners at registration desks.

Not sure how well that will go over with customers wanting to give hotels their thumbprint, but even places like Disneyland require the use of thumb scanners now to enter their parks (at least last time we went a few years ago). I imagine it could cross reference with criminal databases, but that's just a theory. More than likely it's a way to get unique counts for the same person visiting the park and how many times they came back for metrics research, but I can't help but think it's used for other things.

Would be interesting if airports, buses, cabs, trains, hotels, and major event places, like sports arenas, were required thumb scanners tied to law enforcement databases. Might help find terrorists or known criminals, but I can also see that quickly becoming a HUGE big brother abuse system. Not to mention, with today's break-ins, how easy to frame someone by pulling their ID and adding something in the red against them. Next time they go somewhere that scans them, they get the booby prize, do not pass go, do not collect $200 free trip to the first left corner...

There are a few disturbing notions in there, especially Ms. Wolf's assertion that it's Brocious' fault that she got robbed. I get she's pissed, but that seems to be the knee-jerk reaction to "hackers" in this day and age, and most of us know nothing could be further from the truth. Brocious did the industry a favor by exposing the weakness. He's not obligated to do anything with that information, and he's certainly entitled to make money off of his findings if he so chooses...that's capitalism, baby! ;)

And how cool is Brocious for a surname? It sounds like an adjective...an awesome adjective.

Brocious (BRO'-shuss)


1. To be a bro. "Darren picking up that last round of drinks was very brocious."

2. Expression of thanks or admiration for someone who was a bro. "Brocious, man, thanks for the drinks!"

Hell man, if my last name was Brocious, that's what I'd change my name to; Brocious....like McLovin, only more legit.

But I digress....good story, I figured there'd be a headline soon after I saw his presentation. Sho' 'nuff, like clockwork, the sun rising, and taxes. ;)

Awesome follow up to Darren's interview at Blackhat! When I saw that I too thought, "Well, it's only a matter of time now...".

Now I'm off to go google this dry-erase marker version! Too cool!

And yes hfam, Brocious is a totally bro-tacular name!


I remember watching that clip of Bro and thinking, "The next time I stay in a hotel, I will wedge my door shut with a chair."... It is typical for a company that is not food based to be slow paced into fixing the vulnerabilities. If Betty Crocker released a bunch of ding-dongs or what not that contained E. coli or something, the FDA would prompt an investigation and Betty Crocker would put out a recall.

On the other hand, Onity has known about the vulnerability that exists and they are still allowed to sell that particular product, without an impromptu investigation. It is poor business practice AND I hope that all of the hotels in the world buy their locks from a different company...
