
Once you've already spent the time and money to pull the locks off the doors and replace/add a circuit board, you may as well just drop in the fixed board. That prevents the main vulnerability from functioning, though there's no fix at all for the encryption flaw (but no one has exploited that, nor will they in the near future, if I had to guess).

Not only that, but seeing as the locks don't communicate in any way besides the maintenance port, there's no way to know if they've been tripped without reading them at some regular interval.

The replacement board, in the hypothesized special 'tripwire' assembly, would have added radio-reporting. You only need a few of these super-locks, randomly added to the population of vulnerable locks, to catch any exploitation at scale. That'd both curtail the losses and deter future copycats. ("While you're rifling through the guest's belongings looking for valuables, security is already on its way.")

Sure, but my point is that fixing all the locks in a hotel is expensive.

Fixing just a few per hotel (perhaps 1 per floor), with a tripwire device that reports attempts at exploitation, might be possible at 1/100th the cost. (Most locks aren't even touched.)

Still, anyone exploiting the vulnerability at scale would soon trigger a tripwire. At the very least that lets the hotel know exploitation has begun, and it might help apprehend the burglars almost instantly.

I doubt crooks who think they have a master key will stop at just a few rooms. And once the use of the tripwires to catch a crook is reported, alongside the stories of the vulnerability itself, the expected return to this hack drops way, way down. Even criminals respond to relative risk/reward.
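The tripwire argument in this thread can be put in numbers. The following is an added example, not part of any comment: it assumes the intruder opens distinct rooms chosen uniformly at random, cannot tell a tripwire lock from an ordinary one, and that every tripwire reports reliably. The 1000-lock hotel and the function names are constructed for illustration.

```python
from math import comb


def detection_probability(total_locks, tripwires, rooms_opened):
    """Chance that at least one tripwire is among the rooms opened.

    Hypergeometric: 1 - C(N-k, m) / C(N, m) for N locks, k tripwires,
    m distinct rooms opened at random.
    """
    if not 0 <= tripwires <= total_locks:
        raise ValueError("tripwires must be between 0 and total_locks")
    if not 0 <= rooms_opened <= total_locks:
        raise ValueError("rooms_opened must be between 0 and total_locks")
    if rooms_opened > total_locks - tripwires:
        return 1.0  # more rooms opened than there are ordinary locks
    misses = comb(total_locks - tripwires, rooms_opened)
    return 1.0 - misses / comb(total_locks, rooms_opened)


def expected_rooms_until_detection(total_locks, tripwires):
    """Mean number of rooms opened up to and including the first tripwire."""
    if tripwires < 1:
        raise ValueError("no tripwires means no detection")
    return (total_locks + 1) / (tripwires + 1)


def tripwires_needed(total_locks, rooms_opened, target):
    """Smallest tripwire count giving at least `target` detection probability."""
    for k in range(total_locks + 1):
        if detection_probability(total_locks, k, rooms_opened) >= target:
            return k
    return total_locks


if __name__ == "__main__":
    N = 1000  # constructed hotel size; 10 tripwires is the thread's 1/100th
    for m in (1, 10, 50, 200):
        p = detection_probability(N, 10, m)
        print(f"{m:4d} rooms opened -> detection probability {p:.3f}")
    print("mean rooms until alarm:", expected_rooms_until_detection(N, 10))
    print("tripwires for 90% at 50 rooms:", tripwires_needed(N, 50, 0.90))
```

Under these assumptions a 1% tripwire population rarely catches a single-room break-in but becomes likely to fire as the number of rooms opened grows, which is the "at scale" condition the comments rely on.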
