Onity provides lock upgrades following hack

Aug. 24, 2012
Company taking 'two-tiered' approach to address vulnerability concerns

Following a presentation by a hacker at last month’s Black Hat cyber security conference in Las Vegas of a potential vulnerability in Onity hotel locks, the company recently announced that it will be taking a "two-tiered approach" to address the issue.

According to a story published by Forbes, the hacker, using less than $50 worth of equipment, was reportedly able to exploit a port located underneath each lock to read their memory and find a decryption key, at which point he was able to gain access to the lock’s firmware.

At the time, Onity, a division of UTC, characterized the methods used by the hacker as "unreliable" and "complex to implement," but said that it was working to develop a firmware upgrade for the affected locks to address the concern.

Last week, the company said that its’ two-tiered approach included a firmware upgrade for its HT and ADVANCE series locks, as well as mechanical cap, offered free of charge to customers that could be inserted into the aforementioned port on HT series locks. Onity said that the cap could not be removed without partially taking apart the lock.

Here is Onity’s full press release:

August 13, 2012 - This is an update to Onity’s previous communications regarding the hacking of certain models of Onity hotel locks. We want to assure you that Onity is working on providing you with a solution that will address any potential risks related to the alleged vulnerability of these locks.

Onity is going to implement a two tiered approach.  The first approach will include providing a mechanical cap, free of charge, to our customers, who have the Onity HT series locks. This mechanical cap will be inserted into the portable programmer plug of the HT series locks. With the existing battery cover in place the mechanical cap will not be removable without partial disassembly of the lock. This will prevent a device emulating a portable programmer from hacking the lock. To further enhance the security of this fix, we will also supply a security TORX screw with each mechanical cap to further secure the battery cover in the lock.

This solution is currently going to production, and should be ready for deployment starting the end of August. 

The second solution Onity will offer to our customers, if they choose to use this option, is to upgrade the firmware of the HT and ADVANCE series locks.  The firmware is currently complete for the HT24 lock, and by early next week should be complete for the entire HT series of locks.  By the end of August we should have the firmware complete for the ADVANCE lock as well.

The deployment of this second solution, for HT series locks, will involve replacement of the control board in the lock.  For locks that have upgradable control boards, there may be a nominal fee. Shipping, handling and labor costs to install these boards will be the responsibility of the property owner.  For locks that do not have upgradable control boards, special pricing programs have been put in place to help reduce the impact to upgrade the older model locks. 

If you are interested in pursuing this solution, have additional questions or require further information, please contact Onity at 1-800-924-1442.

Thank you again for your business and your trust in Onity over the past many years of our relationship

Access Control


Oct. 5, 2009