Scott+Scott, Attorneys at Law, LLP (“Scott+Scott”), has filed an action against Onity, Inc. (“Onity”) on behalf those persons or entities that have purchased or acquired Onity’s HT and Advance series of electronic key card operated locks (“Locks”). Onity manufactures and supplies electronic locks and smart card systems for use in hotel, motel, and resort properties, college and university campuses, military fleets and bases, government and corporate office buildings, healthcare facilities, and cruise ships in the United States and internationally. The complaint alleges that the Locks suffer from design defects that make them susceptible to improper opening through the use of homemade or improvised devices made from commercially available items. The defects in the Locks have been publicized recently, and there have been several incidents where hotel rooms have been burglarized. The complaint seeks replacement of and reimbursement for the Locks.
The complaint alleges that in July 2012, at the Black Hat hacker conference in Las Vegas, a security researcher and Mozilla software developer publicly demonstrated the ability to open any Onity Lock using a homemade “bypass programming device.” Onity’s Locks are vulnerable to such attacks because the Lock’s memory is entirely exposed to whatever device attempts to read it through the DC port on the underside of the Lock (which is similar to a USB port or a “pin port” commonly used in cell phones and other electronic devices). The bypass programming device replicates the portable programming device that hotel staff use, which plugs into the DC port. As a result, according to the complaint, the bypass programming device was able to read the digital key stored in the Lock’s memory and open it in seconds.
The complaint alleges that Onity reportedly has paid to replace the Locks at some large hotel chains – such as Marriott and IHG – but has not agreed to replace the Locks at other hotels. Instead, Onity has offered two solutions. The first solution was a temporary fix that consisted of a cap that plugged into the DC data port. This solution was available to any purchasers of Locks, regardless of when the Locks were purchased. The second solution was that Onity offered its customers new circuit boards, but consumers would need to pay for the circuit boards, shipping, and installation. Consumers who purchased Locks after 2005 were eligible for a partial rebate, but consumers who purchased Locks prior to 2005 were not, even though the Locks contained the same design flaws. The complaint alleges that these two solutions are insufficient and that purchasers of the Locks should be compensated for or offered free replacement locks.
If you own a hotel/motel or other facility that has purchased or acquired Onity Locks and are interested in participating in the lawsuit or have questions, please contact Joseph P. Guglielmo, Esq. at Scott+Scott’s New York office by calling (212) 223-6444 or emailing firstname.lastname@example.org.
Scott+Scott handles matters such as these on a contingency fee basis. This means that Scott+Scott will advance all litigation costs and expenses and will only be compensated if it is successful.