When you find out that your Kryptonite bike lock can be opened with a Bic pen or that a bug in Java lets malicious websites take over your computer, the fix is in your hands: You send in your lock for a replacement or disable Java in your browser.
But since a hacker demonstrated last summer that keycard locks protecting four million hotel room doors worldwide could be effortlessly opened in seconds with a homemade digital device costing less than $50, keeping yourself safe from those who would exploit that flaw hasn’t been so simple. Hotels, not consumers, have to be relied on to deal with their vulnerable security systems. And Onity, the maker of those ultra-common locks, initially downplayed the threat, deleted information about the hack from its website, and is charging its hotel customers for the replacement hardware necessary for a complete fix.
This is the obvious one: Latching bolt above the lock on your door makes the attack on Onity’s locks irrelevant–at least when you’re in the room. Don’t depend, however, on the deadbolt alone, which in many cases is part of the keycard lock’s mechanism and can be opened with Brocious’s hacking tool.
If your room has a safe, put your valuables in it when you leave. Though Brocious warns that those safes may have their own security flaws–some are also built by Onity–they would likely provide enough of a barrier to any thief that he or she would move on to the next room instead.
Use tamper-evident tape. It may be tempting to stick a wad of chewing gum in the port on the bottom of Onity’s locks. But Brocious suggests a less damaging method of keeping thieves from accessing the lock’s innards: Bring your own roll of tamper evident tape like this, and leave a strip across the bottom of the lock. It won’t actually block someone from using the port, but it will give you a heads-up if someone has. Thieves might prefer to move on to the next target rather than risk leaving behind a clue that could alert a hotel to break-ins.