Onity, the maker of hotel key readers that are easily hacked and unlocked, may be in the process of subsidizing the cost incurred by its customers to replace the faulty locks.

According to Forbes, memos from some of its top customers indicate that the company is sending out patched circuit boards for its locks. Customers can buy the new hardware from Onity, which will pay back the cost once the customer sends in the compromised circuit board. Its top customers include Marriott and Hyatt.

The trade-in deal is only available for locks purchased after 2005.

Recently, reports circulated about a robbery in a Texas Hyatt involving the Onity locks. A robber stole a laptop out of an HP employee’s hotel room using a hack first uncovered in July. A researcher for Mozilla named Cody Brocious found a way to trick the card readers using an open-sourced piece of hardware he threw together for less than $50. He plugged it into an AC/DC power port below the lock, flipped a switch on the device, and the lock popped open.

We spoke with Onity at the time of the theft. The company reported that its “engineers quickly developed both mechanical and technical solutions to address the issue.” These solutions, according to Onity, have been tested by two separate security firms.  Here’s the full statement:

Onity places the highest priority on the safety and security provided by its products. Immediately following the hacker’s public presentation of illegal methods of breaking into hotel rooms, Onity engineers quickly developed both mechanical and technical solutions to address the issue.

These solutions have been tested and validated by two independent security firms, and are available to customers worldwide. All requests for these solutions have already been fulfilled, or are in the process of being fulfilled.

We are disappointed that hackers are targeting electronic hotel locks and publishing methods to illegally break into hotel rooms under the guise of protecting public safety. We always look for ways we can augment our customers’ security strategies and will continue to do so.

To learn more about these solutions, customers can call Onity’s dedicated customer assistance line, which is staffed with specialists who can immediately help select and implement the best possible solution for that customer’s specific property.

hat tip Ars Technica; Hotel image via Shutterstock

A woman’s hotel room was burglarized due to a known vulnerability in hotel key card readers from Onity, according to Forbes. The robbery occurred at a Hyatt in Houston, Texas.

According to Forbes, Janet Wolf’s laptop was stolen in September after Matthew Allen Cook allegedly used a hack made public at a security conference in July to force the locks and gain access to Wolf’s Hyatt House Galleria room. Cook was arrested and charged with theft.

Mozilla security researcher Cody Brocious first showed off his hack at the Black Hat conference in Las Vegas. Forbes reported the story a week before the conference, saying, Brocious didn’t plan on telling Onity before the presentation. Brocious created a device that plugs into a DC power port on the Onity hotel card readers. He said it cost him less than $50 to make it, and all he needed to do was plug it in, turn it on, and the lock would open.

In order to fix the issue, according to Forbes, the Hyatt House Galleria used putty to fill the holes, blocking off the DC port.

You might wonder why in three months the company hasn’t made a less damaging fix to this vulnerability, but it’s not that simple. It’s not like the key card readers are all linked together and can be updated remotely. In order to fix the reader, Onity would need to develop a new reader that did not have the vulnerability and then get hotels using its readers to replace all of the “compromised” ones. And a lot of those hotels likely don’t have the budget to do a lock upgrade.

We reached out to Onity for comment, but have not heard back from the company.

Hotel lock image via Shutterstock