The company’s response to that epic security bug has two parts–a quick fix,
and a more rigorous one, both of which it plans to make available by the
end of August: First, it’s issuing caps that cover the data port
Brocious’s hack exploited, which can only be removed by opening the lock’s
case. To further stymie hackers who would try to open the locks and remove
that cap, it’s also sending customers new, more obscure Torx screws to
replace those on the cases of installed locks.
The second fix is more substantial: Onity will offer its customers new
circuit boards and firmware that ostensibly fix the problems Brocious
demonstrated–But Onity is asking owners of some models of its locks of
some to pay a “nominal fee” for the fix, while offering others “special
pricing programs” to cover the cost of replacing components. It’s also
asking its customers to cover the shipping and labor costs of making
hardware changes to the millions of locks worldwide.