Hacker News
by daeken 5022 days ago
Even if you fix the vulnerability present in the lock firmware (which you can't do without replacing the Portable Programmer as well), the encryption on the cards is still completely broken.

I've written at length about how this can be fixed; Onity has not yet responded with an effective solution.

(I'm the original researcher)

Edit: Link to my post is here: http://daeken.com/onitys-plan-to-mitigate-hotel-lock-hack Note that their statement about how they would fix it was pulled after Forbes quoted my post.

1 comments

Yeah, this is what I found fascinating in your paper (http://demoseen.com/bhpaper.html). I had always wondered how they invalidated the old keys automatically.
Out of curiosity, was that part clear? Writing the section on key rotation and lookaheads took me something like 4 days of editing, and I was never actually happy with it.
FWIW, I just read it and it was crystal clear to me.