Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 1 of 26
UNlTED ST~~A1:~¥JiA COURT
MIDDLE RffJW~~ ~ Af:~
KISHOR ~E~AI in~ividually and on B~~<f HAckfrf.¥~:K all others similarly situated, u.s. OJSTmCT COURT
Plaintiff,
vs.
ONITY, INC., a Georgia Corporation,
Defendant.
t11DDLE Oi9TRICT ALA . )
) CLASS ACTION COMPLAINT ) ) ) ) ) ) ) ) )
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 2 of 26
Plaintiff Kishor Desai ("Plaintiff") brings this class action complaint against Defendant
Onity, Inc. ("Onity" or "Defendant"), individually and on behalf of a class of all others si_milarly
sitw~.ted, pursuant to Rule 23 of the Federal Rules of Civil ProcedUre, who ptirchased or
otherwise acquired Defendant's Onity HT or Advance series of locks. Plaintiffs allegations
~gainst Defendant are based upon information and belief and upon investigation of Plaintiff's
counsel, except for allegations specifically pertailling to the Plaintiff himself, which are based
upon his personal knowledge.
I. JURISDICTION AND VENUE
1. This Court has jurisdiction over this class action under 28 U.S.C. § 1332(d), that,
under the provisions of the Class Action Fairness Act (''CAP A"), provides federal courts original
jurisdiction over any class action in which any member of a class of plaintiffs is ~ citizen of a
;:)LaLI;; U1U.I;;11;;11L HU111 C11.1J U~;JJ.~;JUUWlL, C111U 1.11 VV111vll 1.111;; 111QLLI;;1 111 vU11UUV~;J1;:>J 1;;.1\.\_,I;;I;;_U;:> 111 1.111;;
aggregate the sum of $5 million, exclusive of interest and costs,
2. The Court has personal jurisdiction over Defendant because Defendant Onity has
sufficient minimmn contacts with this District. Onity is a wholly owned subsidiary of UTC
Climate, Controls & Security, a u:nit of United Technologies Corp. Jurisdiction is appropriate as
Onity intentionally avails itself of the market through its marketing and sales of the products in
the State of Alabama and/or by having such other contacts with Alabama so as to tender the
exercise of jurisdiction over it by the Alabama courts consistent with traditional notions of fair
play and substantial justice.
3. Venue is proper pursuant to 28 U.S.C. §1391 because a substantial part of the
events or omissions giving rise to the claim occurred in this District and because· the Court has
1
·. ~ _._ . ' . ---- ............... --~---···-- _. ____ --· ·-·---.·:·--,..-·--· --...:--------------·--------·------· --··-·-- --·--·-·-··----~
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 3 of 26
persofl.al Jurisdiction over Defendant. Moreover, Defendant has distributed, advertised, and sold
the products that are the subject of the present complaint in this District.
II. INTRODUCTION
4. This is a putative class action on behalf of individuals seeking compensatory
damages, restitution, and disgorgement of all profits gained by Defendant arising out of the
manufactute and sale of HT and Advance series of electronic key card-operated locks ("Locks")
that were designed, manufactured, marketed, and sold by Defendant. As described in greater
detail below, the Locks suffer from design defects that make them susceptible to opening by use
of homemade devices made from commercially available iterps. The Locks are, therefore,
ineffective and unfit to perform the security function for which they were designed. The Locks
that Plaintiff purchased or otherwise acquired have the design defects complltined of and must be
replaced.
5. In July 2012, at the Black Hat hacker conference in Las Vegas, a security
researcher and Mozilla software developer named Cody Brocious (a.k.a. Baeken) publicly
demonstrated the ability to open any Onity Lock using a homemade device ("bypass
progratnming device"). The bypass programming device he created was able to read the digital
key stored in the Lock's memory and open it in seconds.
6. The bypass programming device operated by replicating the portable
programming device that hotel stAff use to control a facility's Locks. The portable programming
device plugs into the DC port on the underside of the Lock.
7, Creating the bypass programming device requires no technical or electronic
expertise, and it can be created for less than $50 with publicly available items and Internet
tutorials posted to Y ouTube.
2
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 4 of 26
8. lil September 2012, the glaring secl.lrity vulnerabilities in Onity's Locks were
exploited to perpetrate a series of robberies in hotels in Houston, Texas. Moreover, according to
an article on Forbe!).com, an alert published by the insurance firm Petra Risk Solutions in
October 2012 claimed that several hotels in Texas have had their locks opened with this
technique. 1
9. Onity was aware of a series of break-ins by meC!llS of bypass prograrruning
devices prior to the commencement of this litigation, but did nothing to warn the public or its
clistomets of this known danger. Defendant has failed to take rea,son~ble measures to remedy the
defect.
10. Onity's official reimbursement program in response to the security flaw consisted
of two parts - a quick fix and a permanent solution. The temporary solution was offered to all
consumers and involved iss11ing caps that essentially plug the DC data port. Meanwhile, the
permanent solution was only offered to Onity Lock holders who purchased or otherwise acquired
Locks after 2005. With respect to these customers, Onity offered to provide upgraded circuit
boards at the consumers' expense, which require installation, also at the consumers' expense.
11. Purchasers of Onity's Locks prior to 2005 are not, however, eligible for the
official reimbursement program, even though Locks manufactured prior to 2005 have the same
design defects. Instead, Onity offers to replace the older Locks at a cost of $21 per lock,
including service fees, to victims or to ship free plastic plugs to cover the vulnerable port on the
lock's underside.
http://www.fotbes.com/sites/andygreenberg/2012/11/26/security-flaw.,in.,common-keycard.., locks-exploited-in-string-of-hotel-room-break-ins/ (last accessed on March 28, 2013).
3
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 5 of 26
12. Each of the Locks possesses the same design defect at the time of manufacture.
and sale, continuing to the present time. As a result of the flaw, the Locks must now be repaired
or replaced.
' 13. Because of the design defects, it is believed that approximately 4 million Locks
are susceptible to opening without a keycard. The universally effective 1,1se of the bypass
programming devices tneans diminished security for millions of guests at hotels that use
Defendant's Locks. It also subjects the hotels that purchased the Locks to liability for loss,
injury or death resulting from a break in.
14. Plaintiff and the Class have been injured by purchasing or otherwise acquiring the
. defective locks and have, and/or will, incur additional costs associated with replacing ot
repairing the defective locks.
III. PARTIES
15. Plaintiff Kishor Desai, a principal at S&K Management, Inc., owns the Express
Inn, a hotel located at 5836 Monticello Drive, Montgomery, Alabama 36117. The Express Inn is
independently owned and is not part of a franchise. At the time Plaintiff Desai purchased the
Express Inn, Onity's Locks were already installed on all of the guest rooms in the hotel.
16. Defendant Onity is organized and exists under the laws of Georgia, with its
corporate headquarters and principal place of business located at 2432 Northmont Parkway,
Suite 1 00, Duluth, Georgi~ 30096. Onity is a citizen of Georgia. Onity was and is doing
business Within this Judicial District.
1 7. Onity manufactures and supplies electronic locks and smart catd systems,
electronic in-room safes, and energy-management systems for use in hotel, motel, and resort
4
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 6 of 26) I
properties, college and university campuses, military fleets and bases, government and corporate
office buildings, healthcare facilities, and cruise ships in the United States and internationally.
18. Defendant claims on its website that "with over 4 million electronic locks
installed worldwide, Onity electronic locking systems are found at over 22,000 properties in 115
countries."
19. As a corporation dedicated to electronic locking solutions, Defendant knew or
should have known that its Locks were defective and negligently designed.
IV. ALLEGATIONS OF FACT
20. Onity is a large manufacturer and supplier of electronic locks and smart card
systems, including the Locks Plaintiff and the Class purchased or otherwise acquired.
21. Defendant's Locks are meant to open only when an electronically programmed
key card is used to open the Lock to gain access to the secured hotel of motel room or other
secured space.
22, The hotel was intended to have the exclusive ability to program the keycards
through the key reader of prograii1mer, which programs cards for use in specific doors. The
intent of the system design is to prevent unauthorized access to guest or resident spaces except
when the room's lock is opened by a properly coded key card.
23. Defendant marketed and sold its Locks to Plaintiff as a system that would allow
access . to secured spaces only upon the opening of the Locks by a properly coded and
programmed key card.
24. Each individual Lock Was equipped with an electronic device that was capable of
reading the proffered key card, and the access port for the placement of the key card is located at
the top of the Lock body or housing just above the door handle.
5
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 7 of 26
25. At the bottom of the rectangular shaped housing, there was, included in the design
of the lock housing, a DC port that was intended to allow electronic access to the 'Locks' opening
mechanism and was apparently intended to be an emergency access measure. This port is similar
in design to a USB port or a "pin port" coiilmonly used in cell phones and other electronic
devices.
26. In July 2012, at the Black Hat hacker conference in Las Vegas, a security
researcher and Mozilla software developer named Cody Brocious publicly demonstrated the
ability to open any Onity Lock using a homemade "bypass programming device.'' The bypass
programming device he created was able to read the digital key stored in the Lock's memory and
open it in seconds.
27. The bypass programming device operates by replicating the portable
programming device that hotel staff use, which plugs into the DC port on the underside of the
Lock.
28. Defendant's Locks are vulnerable to such attacks because the Locks' memory is
entirely exposed to whatever device attempts to read it through the DC port. Although each
Lock has a cryptographic key that is required to trigger its "open" mechanism~ the string of data
is also stored in the Lock's memory and can be immediately accessed and used to open a door a
fraction of a second later.
29. A second design defect of the Locks stems from Defendant's weak encryption
scheme that allows hackers to derive the "site code" (i.e., the unique numerical key for every
facility) from two cards encoded one after another for the same room. By reading the encrypted
data off of two cards and testing the potential site codes against both cards until the decoded data
6
~--.. . .· . ~ . . .
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 8 of 26
displays a predictable interval between the two, individu8.Is with bypass programming devices
can use it to create more card keys with a magnetizing device.
30. Creating the bypass programming device requires no technical or electronic
expertise, and it can be made for less than $50 using widely available items and internet tutorials I
posted on Y ouTube. Only two months after the defects were exposed publicly in Las Vegas, the
defects in Omty's Locks were being exploited ih a series of robberies. Houston police arrested
27-year-old Matthew Cook and charged him with theft in a September 7, 2012 break-in at a
Hyatt in Houston; the same individual was listed as a suspect in two other thefts that occurred at
the same hotel within the same week. Following these incidents, the Hyatt franchisee resorted to
plugging the port at the bottom of the Locks with epoxy putty because, at the time, Onity had not
yet implemented a fix for the defects in the Locks? Several other hotels have also been
. . . d 3 vtcttrmze .
31. But for the design defects in Defendant's locks, bypass programtn:ing devices
could not be U:sed to access guest tooins without authorization. Onity should have designed,
manufactured, and sold Locks free from defects.
32. In August 2012, Onity issued a statement in response to the demonstration of the
bypass programming device:
Onity places the highest priority on the safety and security provided by its products. We will continue to support and augment our customers' security strategies.
2 http://www.forbes.com/sites/andygreenberg/2012111/26/security-flaw-in-common..,keycard
locks-exploited-in-string-of-hotel-room-break-ins/ (last accessed Oil Match 28, 2013).
3 Id
7
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 9 of 26
Irtufiediately following a hacker's public presentation of illegal methods of breaking into hotel rooms, Ornty engineers developed both mechanical and technical solutions, which have been tested and validated by two independent security firms. These solutions began shipping to customers worldwide in August 2012.
As of February 2013, Onity has shipped over four million solutions for locks to hotel properties.
We continue to work to ensure all hotel properties in our database receive the mechanical solution. These mechanical caps and security screws block physical
·access to the lock ports that hackers use to illegally break into hotel rooms. The mechanical solution remains free of charge to customers.
Technical solutions vary depending on the age, model and deployment of locks at properties. Customers cap. call Onity's dedic~ted customer assistance line at 1., 800-924-1442. Our specialists are available to help answer questions related to the mechanical and technical solutions.
http://en.onity.com/support/Pages/Onity-Statement.aspx (last accesser Ma,rch 28, 2013)
~3. Onity's official reimbursement program in response to the security flaw consisted
of two parts a quick fix and a permanent solution. The temporary solution involved issuing caps
that essentially :plug the DC data port. The peirtlanent solution was that Onity would offer its
customers new circuit boards and firmware.
34. Onity, however, requires owners to bea:r the burden of paying for repairing the
defective Locks, including costs for the new circuit boards, labor costs of installation, and
shipping.
35. Furthermore, purchasers of Defendant's Locks prior to 2005 a:re not eligible for
the official reimbursement program even though those Locks have the same defects in design.
Instead, Onity offers to replace the older Locks at a cost of $21 per lock including service fees to
consumers or to ship free plastic plugs to cover the vulnerable port on the Lock's underside,
which do not remedy the defect. Indeed, the plug can easily be removed by any potential thief.
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 10 of 26
36. On information and belief, despite its public position, Onity purportedly entered
into private agreements with select, large hotel chains to refund all costs associated with
replacing the defective Locks. According to an article in Forbes, some these agreements were
disclosed in internal memos circulated by executives at Marriot, InterContinental Hotels Group,
and Hyatt that were leaked to the public. The full text of one such memo outlining Onity' s
agreement with Marriott Hotels is as follows:
Current Incidents
New and ongoing incidents affecting hotel operations around the world. Onity Door Lock Issue
As communicated in the July 30 Franchise Weekly Update, a hacker claims to have compromised the Onity brand guestroom lock systeii1 with a device containing a circuit board with several wires atu~.ched. However, as comiilunicated in the Oct. 26 memo from Liam Brown and Jim Fisher, the device has since been made to fit inside a dry-erase marker and it is expected that there will be heightened awareness of this issue due to a story on ABC News.
Since these initi~ communications, Onity agreed to extend the following offer to Marriott-m~aged and franchised hotels with Onity locks.
Effective November 28, 2012, Onity will extend the offer below to Marriott franchisees, if the franchisee contacts Onity and agrees to the terms of the offer.
For All Installations: On.ity will provide mechanical caps for HT series locks at no cost to Marriott franchisee. Marriott franchisee will be responsible for the installation.
Post-2005 Installations: Onity will provide the upgraded boards at no charge using one of the following methods:
(1) Onity will send Marriott franchisee refurbished upgraded boards, with the understanding that Marriott franchisee will send Onity the replaced boards upon installation of the upgraded boards. Onity will invoice the Marriott franchisee $11 per board when the refurbished upgraded boards ship and will credit back $11 for each board returned by Marriott franchisee within 30 days and in good working condition.
9
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 11 of 26
(2) For certain regions outside the United States and Canada, Onity will send Marriott franchisee property upgraded boards without any obligation that the Marriott franchisee return the boards that it replaced; or
(3) Onity will re-flash the advance boards at Marriott franchisee location.
Onity will detertni.ne the appropriate method of deployment as enumerated above. Installation and associated costs for the first and second methods will be the responsibility of the franchisee. ''Upgraded Boards" means new fJ11llWilfe that addresses the hacking methods published at the Black Hat Conference in Las Vegas in July 2012.
Pre-2005 Installations : Franchisees may elect to purchase new boards with the new firmware for US $11.00 per board. Onity will install the new boards at the request of Marriott franchisee for US$10.00 pet door.
Other Terms: Onity will work with franchisees to develop the details ofimplementiilg the above offer. This offer will be effective for twelve (12) months from its acceptance by Marriott franchisee.
Onity's proposal for fra,nchisees is conditjoned on the franchisee's acknowledgement that Onity does not guarantee a lock's invulnerability to hacking.
To take advantage of this offer, or if you have questions, contact Onity directly at 1-800-924-1442.
http://www.forbes.com/sites/an:dygteenberg/2012/12/06/lock-flrtli-onity-starts-to-shell-out-forsecurity-fixes-to-hotels-hackable-locks/ (last accessed on March 28, 2013}.
37. Despite the fact that Defendant has admitted the defects in its Locks and has
purportedly entered into agreements with larger hotel chains, Defendtm.t has refused to replace
the Locks or provide any other compensation to Plaintiff or any Class member.
38. All Class members have suffered the same injury resulting from Defenda,nt's
design defects and have suffered pecuniary harm as a result, including:
(a) Amounts paid for the defectively designed Locks; and
(b) Amounts paid to repair or replace the defectively designed Locks.
10
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 12 of 26
A Plaintiff Desai
39. At the time Plaintiff Desai bought the Express Inn located m Montgomery,
Alabam::t, Onity locks were already installed on each of the guest rooms.
40. Because of Onity's design defects, all of the Onity locks installed at the Express
IQ.Il are defective and unfit for their intended use.
41. In a letter to Plaintiff Desai da.ted December 14, 2012, Onity North America
. General Manager Greg Morris wrote:
Dear Valued Customer:
This is an important update regarding recent improvements to our HT and Advance Series of locks.
As you may know, hackers have targeted electronic hotel locks by publishing methods to illegally break into hotel rooms. While this activity is clearly troubling, We continue to look for ways we can augment our customers' security strategies.
Mechanical and technical improvements for all affected locks have been tested and validated by independent security fitms, and began shipping to customers worldwide in August 2012. As ofNovember 30,2012, Onity has shipped solutions for 1.4 million locks to customers.
Information regarding the mechanical and technological solution options for your HT and Advance series locks can be folind below. Please contact us directly at our dedicated support line for the tnost up .. to-date information at 1-800-924-1442. We have specia.Hsts ready to work directly with you on your specific property needs.
As always, Onity continues to place the highest priority on the safety and security of its products. We ate committed to supporting you.
* * *
HT Series Locks
Onity is shipping mechanical security solutions for HT series locks to all hotel properties that have not already ordered them. Mechanical caps and security screws block physical access to the DC lock port$ that the hackers use to illegally
11
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 13 of 26
break into hotel rooms. Onity provides the caps, security screws, and tool free of charge. The mechanical solution can be installed by hotel staff accustomed to replacing batteries and other routine lock maintenance.
As of November, 2012 Oz:llty has shipped 1.4 million solutions for locks to hotel properties. While this represents a significant portion of locks affected, we have decl.ded to accelerate the distribution of technical solutions. Over the next several weeks, we will ship this solution to hotel properties in OlJI database that have not already requested the mechanical solution.
42. Plaintiff Desai received the "mechanical solution" caps sent by Onity, which are
essentially plastic plugs to stick into the DC port. The plugs that Onity sent to Plaintiff Desai are
che~p, removable, and wholly inappropriate to correct the Locks' design defects.
• +H -,_._,,
t' '·· ••• :_
-............ ,.. ' - ·~ -~ ~·~,::;: ... ~:-~ -.+ "
'"'"'*·· .. .,., ... ,"" -- .... --~--
- ... ~ ~ --- • .. ::::·: ' - + + +' ...... +
-~~ --·~-~---~~c-'--~
(The "mechanical solution" sent by Onity to Plaintiff Desai)
43. In order to receive the new circuit boards, Defendant required Plaintiff Desai to
pay $15 per circuit board in addition to the cost of shipping.
12
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 14 of 26
V. CLASS ALLEGATIONS
44. Pl13.intiff brings claims pursuant to Federal Rule of Civil Procedure 23 individually
and on behalf of the following nationwide consumer class (the "Class"):
All persons who purchased or otherwise acquired Defendant Onity's HT or Advance series locks. Specifically excluded from this Class are Defendant;. the officers, directors, or employees of Defendant; any entity in which Defendant has a controlling interest; and arty affiliate, legal representative, heir, or assign of Defendant; Also excluded from the Cla.Ss are arty federal, state, or local governmental entities, any judicial officer presiding over this action and the members of his/her immediate family and judicial staff, and any juror assigned to this action.
45. The Class is sufficiently numerous as Defendant Onity manufactured over four
million Locks. Thus, joinder of such persons in a single action or bringing all members of the
Class before the Court is impracticable for purposes of Rule 23(a)(l) of the Federal Rules of
Civil Procedure. The disposition of the Class members' claims in this class action will
substantially benefit both the parties and the Court.
46. The Class is readily ascertain~:~,ble through Defendant's business records. Notice
can be provided to Class members through the mail and/or by publication on the internet, )
newspapers, and mag~nes.
47. There are questions oflaw and fact common to the Class for purposes of Federal
Rule of Civil Procedure 23(a)(2). Defendant's representations were supplied uniformly to all
members of the Class, so that the questions of law and fact are cormfion to all members of the
Class. All Class members were and are similarly injured by having purchased or otherwise
acquired defective Locks for their intended and foreseeable purpose as promoted, sold, marketed,
advertised, packaged, and labeled by Defendant as set forth in detail herein, and the relief sought
herein is common to Plaintiff and other members of the Class.
13
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 15 of 26
48. Plaintiff asserts claims that are typical of the claims of the entire Class for
purposes of Federal Rule of Civil Procedure 23(a)(3). Plaintiff and all Class members have been
subjected to the same wrongful conduct because they have purchased or used Locks based on the
reliability and security that Defendant represents. Plaintiff and the Class have thus all purchased
or otherwise acquired defective Locks. Moreover, Defendant has purportedly entered into
agreements with large hotel chains such as Marriott for restitution and compensatory damages.
49. Plaintiff will fairly lU}d adeql!ately represent and protect the interests of the other
Class members for plirposes of Federal Rule of Civil Procedure 23(a)(4). Plaintiff has no
interests lU}tagonistic to those of other Class members. Plaintiff is committed to the vigorous
prosecution of this action and have retained counsel experienced in litigation of this nature to
represent them. Plaintiff anticipates no difficulty ir1 the management of this litigation as a class
action.
50. Class certification is appropriate under Federal Rule of Civil Procedure 23(b)(2)
beca:use Defendant has acted on grounds that apply generally to the Class, so that final injunctive
relief or corresponding declaratory relief is appropriate respecting the Class as a whole.
51. Class certification i_s appropriate under Federal Rule of Civil Procedure 23(b)(3)
because COilllllOn questions of law and fact substantially predominate over arty questions that
may affect only individual members of the Class. Among these common questions of law and
fact ate:
(a) whether Defendant made misrepresentations m connection with the
promotion, marketing, and sale of its Locks;
(b) whether Defendant's Locks were defectively designed;
14
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 16 of 26
(c) whether Defendant represented that its Locks were mailufactured for their
intended purpose, were secure, and would only open when keycards
programmed by the hotel were inserted;
(d) whether Defendant's Locks are unfit for their intended use;
(e) whether Defendant failed to warn Class members that the safety
mechanism of the Locks could be bypassed;
(f) whether Defendant concealed info@ation and the nature of the defects
from the Class members;
(g) whether Defendant engaged in the alleged condtJct knowingly, recklessly,
or negligently;
(h) the amount of monies or other obligations lost by Plaintiff and Class
members as a result of such Wrongdoing;
(i) whether Plaintiff and Class members are entitled to declaratory,
injunctive, and/or other equitable relief;
G) whether Class members are entitled to payment of actual, incidental,
consequential, exemplary, and/or statutory damages plus interest thereon;
and
(k) whether Class members are entitled to disgorgement and restitution.
52. Proceeding as a class action provides substantial benefits to both the parties and
the Court because this is the most efficient method for the fair and efficient adjudication of the
controversy. Class members have suffered and will suffer irreparable harm and damages as a
result of Defendant's wrongful conduct Because of the nature of the individual Class members'
claims, few, if any, could or would otherwise afford to seek legal redress against Defendant for
15
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 17 of 26
the wrongs complajned of herein, and a representative class action is therefore appropriate, the
superior method of proceeding, and ess~ntial to the interests of justice insofar as the resolution of
Class members' claims is concerned. Absent a representative class action, Class members would
continue to suffer losses for which they would have no remedy, and Defendant would unjustly
retain the proceeds. Even if separate actions could be brought by individual members of the
Class, the resulting multiplicity of lawsuits would cause undue hardship, burden, and expense for
\ the Court and the litigants, as well as create a risk of inconsistent rulings which might be
dispositive of the interests of the other Class members who are not parties to the adjudications
andlot may substantially impede their ability to protect their interests.
VI. TOLLING AND ESTOPPEL
53. Plaintiffs causes of action did not arise until Plaintiff discovered, or by the
exercise of reasonable diligence should have discovered, that they were injured by Defendant'.s
wrongful conduct as described above. Because Defendant concealed and did not disclose the
fact that the Locks were defectively designed, Plaintiff did ilot discover and could not have
discovered this fact through reasonable diligence.
54. The applicable statutes of limitations have been tolled by Defendant's knowing
and active concealment of the material fact that the Locks have a defective design, and by
Defendant's affirmative misrepresentations that the Locks were reliable and secure. Defendant
intentionally kept Plaintiff and the members of the Class ignorant of information vital to pursue
their claims, without any fault or lack of diligence on the part of Plaintiff a:nd the members of the
Class. Plaintiff and the members of the Class could not reasonably have discovered the fact that
the Locks are vulnerable to programming manipulation through the DC ports as described above.
16
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 18 of 26
55. Defendant was and still is under a continuous duty to disclose to Plaintiff and
members of the Class defects in its Locks that make them unsafe or Urifit for use. Defendant
knowingly concealed and misrepresented the security and reliability of its lock system, includirlg
the fact that the Locks could be easily opened through the use of a simple hack. Plaintiff and the
members of the Class reasonably and in good faith relied upon Defendant's affil1Ilative
misrepresentations and knowing and/or active concealment.
56. Based on the foregoing, Defendant is estopped from relying on any statutes of
limitation in defense of this action because it did not repair the defects prior to placing the Locks
in the stream of commerce.
VII. CLAIMS FOR RELIEF
FIRST CLAIM FOR RELIEF (Negligent Design)
57. Plaintiff realleges each and every allegation contained above as if fully set forth
herein and further allege as follows.
58. As the designer of the Locks, Onity owed a duty to end users or consumers to
provide a lock that was reasonably safe for its intended and reasonably foreseeable uses.
59. The Locks designed by Onity are defective and unreasonably dangerous when put
to their intended and reasonably foreseeable uses.
60. The Loqks are vulnerable to bypass because of the unprotected access port located
at the bottom of the lock housing.
61. Defendant's Locks are vulnerable to such attacks because the Locks' memory is
entirely exposed to whatever device attempts to read it through the DC port. Though each Lock
has a cryptographic key that is required to trigger its "open" mechanism, the string of data is also
17
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 19 of 26
stored in the Lock's memory and can be immediately accessed and used to open a door a fract.ion
of a second later.
62. A second design defect of the Locks stems from Defendant's weak encryption
scheme that allows hackers to derive the "site code"- the uniq1.1e mn:nerical key for every facility
- from two cards encoded one after another for the same room. By reading the encrypted data
off of two cards and testing the potential site codes against both cards t,llltil the decoded data
displays a predictable interval between the two, individuals with bypass programming devices
can use it to create more card keys with a magnetizing device.
63. Because of this foreseeable method for gaining unrestricted access to secured
spaces, Onity's Locks are defective and unreasonably dangerous when put to their intended and
reasonably foreseeable uses.
64. These design defects existed in all of the Locks from the time of their design,cmd
remained in each Lock when it was placed into the stream of commerce.
65. All of Defendant's Locks reached their end users without any substantial change
\
in their origin~l design condition.
66. Onity, as the designer of the Locks, knew or reasonably should have known or
should have foreseen the risk of unauthorized access posed by the design of these lock systems.
67. Onity negligently or recklessly and wantonly failed to properly design the Lock_s.
68. Onity negligently or recklessly and wantonly failed to recognize or foresee the
risk of liilauthorized access posed by the unprotected DC port located at the bottom of each Lock
and the weak encryption scheme that returns data in predictable intervals. A reasonable designer
of an electronic lock system would not have left such vulnerabilities unguarded.
69. Onity has breached its duty of reasonably safe design in regard to its Locks.
18
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 20 of 26
70. Plaintiff has suffered injuries, including the costs of replacing or repairing the
Locks in order to render them safe for reasonable use.
71. The damages sustained by Plaintiff and Class members were a proximate result of
the defects in the design ofOnity's Locks.
72. Defendant is strictly liable to Plai_ntiff and Class members.
SECOND CLAIM FOR RELIEF (Negligence)
73. Plaintiff realleges each and every allegation contai11ed above as if fully set forth
herein and further allege as follows.
74. Defendant was negligent in designing, testing, manufacturing, marketing, and
selling the Locks with defects.
75. Defendant knew of said defects, yet Defendant has failed in its duty to recall these
devices ot to alert the public and users of the Locks of the dangers posed by the security
vulnerabilities and to pay for replacement of the Locks.
76. At the time Defendant manufactured, distributed, and sold the Locks, it owed a
duty to purchasers a:nd users to exercise ordinary and reasonable care to properly design the
Locks, and it owes a continuing duty to warn and repair or replace defective Locks.
77. Had Defendant exercised proper care and skill in the foregoing matters, Plaintiff
would not have defective Locks and would not have suffered the damages and costs resulting
therefrom.
78. As a proximate result of the Defendant's negligence, Plaintiff and members of the
Class suffered arid continue to suffer immediate damages _ and loss in the form of security
breaches, loss to reputation, loss in business, and the costs of replacement or repair of defective
Locks.
19
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 21 of 26
THIRD CLAIM FOR RELIEF (Breach of Implied Warranty)
79. Plaintiff tealleges each and every allegation contained above as if fully set forth
herein and further allege as follows.
80. The Uniform Commercial Code §2-314 provides that unless excluded or
modified, a warranty that the goods shall be merchantable is implied in a contract for their sale if
the seller is a merchant with respect to goods of that kind.
81. Defendant manufactured, marketed, and sold the Locks and represented that the
Locks Were fit for use to secure hotel guest rooms and other secure facilities. Contrary to s-uch
representations, Defendant failed to disclose that the Locks were defective as they were
susceptible to bypass programming devices through its exposed DC port and could be opened by
u,na~thorized persons.
82. At all times, Alabama and the following 48 states listed below, including the
District of Columbia, have codified and adopted the provision_s of the Uniform Commercial Code
governing the implied warranty of merchantability: Ala. Code §7-2-314; Alaska Stat
§45.02.314; Ariz. Rev. Stat Ann. §47-2314; Ark. Code Ann. §4-2-314; CaL Com. Code §2314;
Colo. Rev. St §4-2-314; Conn. Gen. Stat. Ann. §42a-2-314; 6 DeL C. §2-314; D.C. Code §28:2-
314; Fla. Stat. Ann. §672.314; Ga. Code Ann. §IJ-2.,-314; Haw. Rev. Stat §490:2-314; Idaho
Code §28-2-314; 810 IlL Comp. Stat Ann. 5/2-314; Ind. Code Ann. §26-1-2-314; Iowa Code
Ann. §554.2314·; Kan. Stat. Ann. §84-2-314; Ky. Rev. Stat. Ann. §355.2-314; La. Civ. Code
Ann. art. §;2520; 11 Me. Rev. Stat Ann. §2-314; Md. Code Ann. §2-314; Mass. Gen. Laws Ch.
106 §2-314; Mich. Comp. Laws Ann. §440.2314; Minn. Stat Atm. §336.2-314; Miss. Code Ann.
§75,.2-314; Mo. Rev. Stat· §400.2-314; Mont. Code Ann. §30-2-314; Nev. Rev. Stat. U.C.C
20
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 22 of 26
§104.2314; N.H. Rev. Ann. §382-A:2-314; N.J. Stat. Ann. §12A:2-314; N.M. Stat. Ann_. §55-2-
314; N.Y. U.C.C. Law §2-314; N.C. Gen. Stat. Ann. §25-2-314; N.D. Stat §41-02.,314; Ohio
Rev. Code Ann. §1302.27; Okla. Stat. tit. 12A §2-314; Or. Rev. Stat. §72.3140; 13 Pa. Stat. Ann.
§2314; R.I. Gen. Laws §6A-2-314; S.C. Code Ann. §36,.2-314; S.D. Stat. §57A-2-314; Tenn.
Code Ann. §47-2-314; Tex. Bus. & Com. Code Ann. §2-314; Utah Code Ann. §70A-2-314; Va.
Code §8.2-314; Vt. Stat. Ann. 9A §2-314; W.Va. Code §46-2-314; Wash. Rev. Code §62A 2-
314; Wis. Stat. Ann. §40Z.314 and Wyo. Stat. §34.1-2-314.
83. As designer, manufacturer, producer, marketer, and seller of electronic lock
systems, Defendant is a "merchant" within the meaning of the various states' commercial codes
governing the implied warranty of merchantability.
84. Fll.rther, Defendant is a merchant with respect to Locks. Defendant designed,
manufactured, distributed, marketed, and/or sold the Locks and represented to Plaintiff and the
Class th~t it manufactured high quality Locks that comply with all applicable state and federal
regulations. Further, Defendant, by selling Locks to Plaintiff and the Class, has held itself out as
a retailer of high quality electronic lock systems that comply with all applicable state and federal
regulations and, in fact, derives ~ substantial amount of revenues from the sale of lock systems.
85. The Locks are "goods," as defmed in the various states' commercial codes
governing the implied warranty of merchantability.
86. As a merchant of the Locks, Defendant knew that purchasers relied upon it to
design, manuf~cture, and sell security products that were reasonably safe and would not
endanger the safety of users.
21
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 23 of 26
87. Defendant designed, manufactured, and sold Locks to consumers such as Plaintiff
and the Class. It knew th_at such electronic keycatd Locks would be used to secure hotel rooms
and other locations.
88. The Defendant specifically represented in its marketing and advertising that its
electronic lock systems were of high quality, safe, and complied with state and federal
regulations.
89. At the time that Defendant designed, manufactured, sold, and/or distributed the
Locks, Defendant knew the purpose for which the Locks were intended and impliedly warranted
that the Locks were of merchantable quality; were suitable for the purpose of securing spaces
against intruders; were free of design defects; and were safe and fit for their ordinaty pUrpose -
as locks meant to protect persons and spaces from intruders.
90. Defendant breached its implied warranties in connection with the sale of Locks to
Plaintiff and members of the Class. The Locks were not safe and fit for their ordinary purposes
and intell.ded uses as security devices and were defectively designed such that anyone could
bypass its system and open the Locks through the exposed DC port on the underside of the
Locks.
91. Defendant had actual knowledge that the Locks had design defects prior to, or at
least by the date of, the public demonstration in August 2012 that the Locks were not fit for their
ordinary purpose and Plaintiff was therefore not required to notify Defendant of its breach. If
notice is required, Plaintiff and the Class have adequately provided Defendant of such notice
through the filing of thi_s lawsuit.
92. As a direct and proximate result of Defendant's breach of implied warranties,
Plaintiff and other members of the Class have been injured including, but not limited to the
22
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 24 of 26
increased risk of security breaches from the Locks, the costs associated with repair, a,nd/or
replacement of the defective Locks.
VII. PRA YER\FOR RELIEF
WHEREFORE, Plaintiff and tbe Class pray for relief as follows:
A. That the Court determine that the claims alleged herein may be maintained as a
class action under Rule 23(a), (b )(2) and (b )(3) of the Federal Rules of Civil Procedure;
13. That the Court adjudge and decree that Defendant has engaged in the conduct
alleged herein;
C. That Defendant be petfilanently enjoined and restrained from, in any manner,
directly or indirectly, continuing, maintaining, or engaging in the unfair, unlawful, and/or
deceptive practices alleged herein;
D. That Plaintiff and the Class members be awarded damages, including the cost of
replacing the defective Locks;
E. That Plaintiff and the Class members be awarded cornpensatory damages for
repairs, installation, and any other costs associated with repairing or replacing the defective
Locks;
F. that Plaintiff and the Class members be awarded both pre-and post-judgment
interest at the maximum allowable rate on any amoUrtts awarded;
G. That Plaintiff and the Class. members recover their costs of suit, inclucling
reasonable attorneys' fees and expenses as provided by law; ancl
H. That Plaintiff and the Class members be awarded such other and further relief as
may be necessary a.nd appropriate.
23
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 25 of 26
Vll. JURY DEMAND
Pursuant to Rule 38 of the Federal Rules of Civil Procedure lilld the Constitution of the
United States, Plaintiff and the Class members demand a trial by juty fot all issues so triable.
DATED: May_, 2013
G eg . Davi 7031 Halcyon Park Drive Montgomery, AL 36117 Tel: (334) 832-9080 Fax: (334) 409-7001 gldavis@knology .net
Joseph P. Guglielmo SCOTT +SCOTT, ATTORNEYS AT LAW, LLP The Chrysler Building 405 Lexington A venue, 40th Floor New York, New York 10174 Tel: (212) 223-6444 Fax: (212) 223'"6334 [email protected]
David R. Scott SCOTT+SCOTT, ATTORNEYS AT LAW, LLP 156 South Main Street Colchester, CT 06415 Tel: 860-537-5537 Fax: 860-537-4432 [email protected]
Christopher M. Bwke SCOTT+SCOTT, ATTORNEYS AT LAW, LLP 707 Broadway, Suite 1000 San Diego, CA 921 01 Tel: (619) 233-4565 Fax:: (619) Z33-0508 [email protected]
Blaine C. Stevens John M. Maddox STEVENS & MADDOX, PC
24
Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 26 of 26
203 Jamestown Blvd Ste 2 Dothan, AL 36301-6430 stevenslaw21 @aol.com Tel: (334) 793-6493 Fax: (334) 677A650
Manish Hasmukh Patel PATEL & SLEDGE P.O. Box 849 Andalusia, AL 36420-1216
Counsel for Plaintiff
..
25