13cv312Desai 1 cmp - Scott & ScottCase 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 5 of 26 12. Each of the Locks possesses the same design defect at the time of manufacture

Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 1 of 26

UNlTED ST~~A1:~¥JiA COURT

MIDDLE RffJW~~ ~ Af:~

KISHOR ~E~AI in~ividually and on B~~<f HAckfrf.¥~:K all others similarly situated, u.s. OJSTmCT COURT

Plaintiff,

vs.

ONITY, INC., a Georgia Corporation,

Defendant.

t11DDLE Oi9TRICT ALA . )

) CLASS ACTION COMPLAINT ) ) ) ) ) ) ) ) )


Plaintiff Kishor Desai ("Plaintiff") brings this class action complaint against Defendant

Onity, Inc. ("Onity" or "Defendant"), individually and on behalf of a class of all others si_milarly

sitw~.ted, pursuant to Rule 23 of the Federal Rules of Civil ProcedUre, who ptirchased or

otherwise acquired Defendant's Onity HT or Advance series of locks. Plaintiffs allegations

~gainst Defendant are based upon information and belief and upon investigation of Plaintiff's

counsel, except for allegations specifically pertailling to the Plaintiff himself, which are based

upon his personal knowledge.

I. JURISDICTION AND VENUE

1. This Court has jurisdiction over this class action under 28 U.S.C. § 1332(d), that,

under the provisions of the Class Action Fairness Act (''CAP A"), provides federal courts original

jurisdiction over any class action in which any member of a class of plaintiffs is ~ citizen of a

;:)LaLI;; U1U.I;;11;;11L HU111 C11.1J U~;JJ.~;JUUWlL, C111U 1.11 VV111vll 1.111;; 111QLLI;;1 111 vU11UUV~;J1;:>J 1;;.1\.\_,I;;I;;_U;:> 111 1.111;;

aggregate the sum of $5 million, exclusive of interest and costs,

2. The Court has personal jurisdiction over Defendant because Defendant Onity has

sufficient minimmn contacts with this District. Onity is a wholly owned subsidiary of UTC

Climate, Controls & Security, a u:nit of United Technologies Corp. Jurisdiction is appropriate as

Onity intentionally avails itself of the market through its marketing and sales of the products in

the State of Alabama and/or by having such other contacts with Alabama so as to tender the

exercise of jurisdiction over it by the Alabama courts consistent with traditional notions of fair

play and substantial justice.

3. Venue is proper pursuant to 28 U.S.C. §1391 because a substantial part of the

events or omissions giving rise to the claim occurred in this District and because· the Court has

1

·. ~ _._ . ' . ---- ............... --~---···-- _. ____ --· ·-·---.·:·--,..-·--· --...:--------------·--------·------· --··-·-- --·--·-·-··----~


persofl.al Jurisdiction over Defendant. Moreover, Defendant has distributed, advertised, and sold

the products that are the subject of the present complaint in this District.

II. INTRODUCTION

4. This is a putative class action on behalf of individuals seeking compensatory

damages, restitution, and disgorgement of all profits gained by Defendant arising out of the

manufactute and sale of HT and Advance series of electronic key card-operated locks ("Locks")

that were designed, manufactured, marketed, and sold by Defendant. As described in greater

detail below, the Locks suffer from design defects that make them susceptible to opening by use

of homemade devices made from commercially available iterps. The Locks are, therefore,

ineffective and unfit to perform the security function for which they were designed. The Locks

that Plaintiff purchased or otherwise acquired have the design defects complltined of and must be

replaced.

5. In July 2012, at the Black Hat hacker conference in Las Vegas, a security

researcher and Mozilla software developer named Cody Brocious (a.k.a. Baeken) publicly

demonstrated the ability to open any Onity Lock using a homemade device ("bypass

progratnming device"). The bypass programming device he created was able to read the digital

key stored in the Lock's memory and open it in seconds.

6. The bypass programming device operated by replicating the portable

programming device that hotel stAff use to control a facility's Locks. The portable programming

device plugs into the DC port on the underside of the Lock.

7, Creating the bypass programming device requires no technical or electronic

expertise, and it can be created for less than $50 with publicly available items and Internet

tutorials posted to Y ouTube.

2


8. lil September 2012, the glaring secl.lrity vulnerabilities in Onity's Locks were

exploited to perpetrate a series of robberies in hotels in Houston, Texas. Moreover, according to

an article on Forbe!).com, an alert published by the insurance firm Petra Risk Solutions in

October 2012 claimed that several hotels in Texas have had their locks opened with this

technique. 1

9. Onity was aware of a series of break-ins by meC!llS of bypass prograrruning

devices prior to the commencement of this litigation, but did nothing to warn the public or its

clistomets of this known danger. Defendant has failed to take rea,son~ble measures to remedy the

defect.

10. Onity's official reimbursement program in response to the security flaw consisted

of two parts - a quick fix and a permanent solution. The temporary solution was offered to all

consumers and involved iss11ing caps that essentially plug the DC data port. Meanwhile, the

permanent solution was only offered to Onity Lock holders who purchased or otherwise acquired

Locks after 2005. With respect to these customers, Onity offered to provide upgraded circuit

boards at the consumers' expense, which require installation, also at the consumers' expense.

11. Purchasers of Onity's Locks prior to 2005 are not, however, eligible for the

official reimbursement program, even though Locks manufactured prior to 2005 have the same

design defects. Instead, Onity offers to replace the older Locks at a cost of $21 per lock,

including service fees, to victims or to ship free plastic plugs to cover the vulnerable port on the

lock's underside.

http://www.fotbes.com/sites/andygreenberg/2012/11/26/security-flaw.,in.,common-keycard.., locks-exploited-in-string-of-hotel-room-break-ins/ (last accessed on March 28, 2013).

3


12. Each of the Locks possesses the same design defect at the time of manufacture.

and sale, continuing to the present time. As a result of the flaw, the Locks must now be repaired

or replaced.

' 13. Because of the design defects, it is believed that approximately 4 million Locks

are susceptible to opening without a keycard. The universally effective 1,1se of the bypass

programming devices tneans diminished security for millions of guests at hotels that use

Defendant's Locks. It also subjects the hotels that purchased the Locks to liability for loss,

injury or death resulting from a break in.

14. Plaintiff and the Class have been injured by purchasing or otherwise acquiring the

. defective locks and have, and/or will, incur additional costs associated with replacing ot

repairing the defective locks.

III. PARTIES

15. Plaintiff Kishor Desai, a principal at S&K Management, Inc., owns the Express

Inn, a hotel located at 5836 Monticello Drive, Montgomery, Alabama 36117. The Express Inn is

independently owned and is not part of a franchise. At the time Plaintiff Desai purchased the

Express Inn, Onity's Locks were already installed on all of the guest rooms in the hotel.

16. Defendant Onity is organized and exists under the laws of Georgia, with its

corporate headquarters and principal place of business located at 2432 Northmont Parkway,

Suite 1 00, Duluth, Georgi~ 30096. Onity is a citizen of Georgia. Onity was and is doing

business Within this Judicial District.

1 7. Onity manufactures and supplies electronic locks and smart catd systems,

electronic in-room safes, and energy-management systems for use in hotel, motel, and resort

4

Case 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 6 of 26) I

properties, college and university campuses, military fleets and bases, government and corporate

office buildings, healthcare facilities, and cruise ships in the United States and internationally.

18. Defendant claims on its website that "with over 4 million electronic locks

installed worldwide, Onity electronic locking systems are found at over 22,000 properties in 115

countries."

19. As a corporation dedicated to electronic locking solutions, Defendant knew or

should have known that its Locks were defective and negligently designed.

IV. ALLEGATIONS OF FACT

20. Onity is a large manufacturer and supplier of electronic locks and smart card

systems, including the Locks Plaintiff and the Class purchased or otherwise acquired.

21. Defendant's Locks are meant to open only when an electronically programmed

key card is used to open the Lock to gain access to the secured hotel of motel room or other

secured space.

22, The hotel was intended to have the exclusive ability to program the keycards

through the key reader of prograii1mer, which programs cards for use in specific doors. The

intent of the system design is to prevent unauthorized access to guest or resident spaces except

when the room's lock is opened by a properly coded key card.

23. Defendant marketed and sold its Locks to Plaintiff as a system that would allow

access . to secured spaces only upon the opening of the Locks by a properly coded and

programmed key card.

24. Each individual Lock Was equipped with an electronic device that was capable of

reading the proffered key card, and the access port for the placement of the key card is located at

the top of the Lock body or housing just above the door handle.

5


25. At the bottom of the rectangular shaped housing, there was, included in the design

of the lock housing, a DC port that was intended to allow electronic access to the 'Locks' opening

mechanism and was apparently intended to be an emergency access measure. This port is similar

in design to a USB port or a "pin port" coiilmonly used in cell phones and other electronic

devices.

26. In July 2012, at the Black Hat hacker conference in Las Vegas, a security

researcher and Mozilla software developer named Cody Brocious publicly demonstrated the

ability to open any Onity Lock using a homemade "bypass programming device.'' The bypass

programming device he created was able to read the digital key stored in the Lock's memory and

open it in seconds.

27. The bypass programming device operates by replicating the portable

programming device that hotel staff use, which plugs into the DC port on the underside of the

Lock.

28. Defendant's Locks are vulnerable to such attacks because the Locks' memory is

entirely exposed to whatever device attempts to read it through the DC port. Although each

Lock has a cryptographic key that is required to trigger its "open" mechanism~ the string of data

is also stored in the Lock's memory and can be immediately accessed and used to open a door a

fraction of a second later.

29. A second design defect of the Locks stems from Defendant's weak encryption

scheme that allows hackers to derive the "site code" (i.e., the unique numerical key for every

facility) from two cards encoded one after another for the same room. By reading the encrypted

data off of two cards and testing the potential site codes against both cards until the decoded data

6

~--.. . .· . ~ . . .


displays a predictable interval between the two, individu8.Is with bypass programming devices

can use it to create more card keys with a magnetizing device.

30. Creating the bypass programming device requires no technical or electronic

expertise, and it can be made for less than $50 using widely available items and internet tutorials I

posted on Y ouTube. Only two months after the defects were exposed publicly in Las Vegas, the

defects in Omty's Locks were being exploited ih a series of robberies. Houston police arrested

27-year-old Matthew Cook and charged him with theft in a September 7, 2012 break-in at a

Hyatt in Houston; the same individual was listed as a suspect in two other thefts that occurred at

the same hotel within the same week. Following these incidents, the Hyatt franchisee resorted to

plugging the port at the bottom of the Locks with epoxy putty because, at the time, Onity had not

yet implemented a fix for the defects in the Locks? Several other hotels have also been

. . . d 3 vtcttrmze .

31. But for the design defects in Defendant's locks, bypass programtn:ing devices

could not be U:sed to access guest tooins without authorization. Onity should have designed,

manufactured, and sold Locks free from defects.

32. In August 2012, Onity issued a statement in response to the demonstration of the

bypass programming device:

Onity places the highest priority on the safety and security provided by its products. We will continue to support and augment our customers' security strategies.

2 http://www.forbes.com/sites/andygreenberg/2012111/26/security-flaw-in-common..,keycard

locks-exploited-in-string-of-hotel-room-break-ins/ (last accessed Oil Match 28, 2013).

3 Id

7


Irtufiediately following a hacker's public presentation of illegal methods of breaking into hotel rooms, Ornty engineers developed both mechanical and technical solutions, which have been tested and validated by two independent security firms. These solutions began shipping to customers worldwide in August 2012.

As of February 2013, Onity has shipped over four million solutions for locks to hotel properties.

We continue to work to ensure all hotel properties in our database receive the mechanical solution. These mechanical caps and security screws block physical

·access to the lock ports that hackers use to illegally break into hotel rooms. The mechanical solution remains free of charge to customers.

Technical solutions vary depending on the age, model and deployment of locks at properties. Customers cap. call Onity's dedic~ted customer assistance line at 1., 800-924-1442. Our specialists are available to help answer questions related to the mechanical and technical solutions.

http://en.onity.com/support/Pages/Onity-Statement.aspx (last accesser Ma,rch 28, 2013)

~3. Onity's official reimbursement program in response to the security flaw consisted

of two parts a quick fix and a permanent solution. The temporary solution involved issuing caps

that essentially :plug the DC data port. The peirtlanent solution was that Onity would offer its

customers new circuit boards and firmware.

34. Onity, however, requires owners to bea:r the burden of paying for repairing the

defective Locks, including costs for the new circuit boards, labor costs of installation, and

shipping.

35. Furthermore, purchasers of Defendant's Locks prior to 2005 a:re not eligible for

the official reimbursement program even though those Locks have the same defects in design.

Instead, Onity offers to replace the older Locks at a cost of $21 per lock including service fees to

consumers or to ship free plastic plugs to cover the vulnerable port on the Lock's underside,

which do not remedy the defect. Indeed, the plug can easily be removed by any potential thief.


36. On information and belief, despite its public position, Onity purportedly entered

into private agreements with select, large hotel chains to refund all costs associated with

replacing the defective Locks. According to an article in Forbes, some these agreements were

disclosed in internal memos circulated by executives at Marriot, InterContinental Hotels Group,

and Hyatt that were leaked to the public. The full text of one such memo outlining Onity' s

agreement with Marriott Hotels is as follows:

Current Incidents

New and ongoing incidents affecting hotel operations around the world. Onity Door Lock Issue

As communicated in the July 30 Franchise Weekly Update, a hacker claims to have compromised the Onity brand guestroom lock systeii1 with a device containing a circuit board with several wires atu~.ched. However, as comiilunicated in the Oct. 26 memo from Liam Brown and Jim Fisher, the device has since been made to fit inside a dry-erase marker and it is expected that there will be heightened awareness of this issue due to a story on ABC News.

Since these initi~ communications, Onity agreed to extend the following offer to Marriott-m~aged and franchised hotels with Onity locks.

Effective November 28, 2012, Onity will extend the offer below to Marriott franchisees, if the franchisee contacts Onity and agrees to the terms of the offer.

For All Installations: On.ity will provide mechanical caps for HT series locks at no cost to Marriott franchisee. Marriott franchisee will be responsible for the installation.

Post-2005 Installations: Onity will provide the upgraded boards at no charge using one of the following methods:

(1) Onity will send Marriott franchisee refurbished upgraded boards, with the understanding that Marriott franchisee will send Onity the replaced boards upon installation of the upgraded boards. Onity will invoice the Marriott franchisee $11 per board when the refurbished upgraded boards ship and will credit back $11 for each board returned by Marriott franchisee within 30 days and in good working condition.

9


(2) For certain regions outside the United States and Canada, Onity will send Marriott franchisee property upgraded boards without any obligation that the Marriott franchisee return the boards that it replaced; or

(3) Onity will re-flash the advance boards at Marriott franchisee location.

Onity will detertni.ne the appropriate method of deployment as enumerated above. Installation and associated costs for the first and second methods will be the responsibility of the franchisee. ''Upgraded Boards" means new fJ11llWilfe that addresses the hacking methods published at the Black Hat Conference in Las Vegas in July 2012.

Pre-2005 Installations : Franchisees may elect to purchase new boards with the new firmware for US $11.00 per board. Onity will install the new boards at the request of Marriott franchisee for US$10.00 pet door.

Other Terms: Onity will work with franchisees to develop the details ofimplementiilg the above offer. This offer will be effective for twelve (12) months from its acceptance by Marriott franchisee.

Onity's proposal for fra,nchisees is conditjoned on the franchisee's acknowledgement that Onity does not guarantee a lock's invulnerability to hacking.

To take advantage of this offer, or if you have questions, contact Onity directly at 1-800-924-1442.

http://www.forbes.com/sites/an:dygteenberg/2012/12/06/lock-flrtli-onity-starts-to-shell-out-forsecurity-fixes-to-hotels-hackable-locks/ (last accessed on March 28, 2013}.

37. Despite the fact that Defendant has admitted the defects in its Locks and has

purportedly entered into agreements with larger hotel chains, Defendtm.t has refused to replace

the Locks or provide any other compensation to Plaintiff or any Class member.

38. All Class members have suffered the same injury resulting from Defenda,nt's

design defects and have suffered pecuniary harm as a result, including:

(a) Amounts paid for the defectively designed Locks; and

(b) Amounts paid to repair or replace the defectively designed Locks.

10


A Plaintiff Desai

39. At the time Plaintiff Desai bought the Express Inn located m Montgomery,

Alabam::t, Onity locks were already installed on each of the guest rooms.

40. Because of Onity's design defects, all of the Onity locks installed at the Express

IQ.Il are defective and unfit for their intended use.

41. In a letter to Plaintiff Desai da.ted December 14, 2012, Onity North America

. General Manager Greg Morris wrote:

Dear Valued Customer:

This is an important update regarding recent improvements to our HT and Advance Series of locks.

As you may know, hackers have targeted electronic hotel locks by publishing methods to illegally break into hotel rooms. While this activity is clearly troubling, We continue to look for ways we can augment our customers' security strategies.

Mechanical and technical improvements for all affected locks have been tested and validated by independent security fitms, and began shipping to customers worldwide in August 2012. As ofNovember 30,2012, Onity has shipped solutions for 1.4 million locks to customers.

Information regarding the mechanical and technological solution options for your HT and Advance series locks can be folind below. Please contact us directly at our dedicated support line for the tnost up .. to-date information at 1-800-924-1442. We have specia.Hsts ready to work directly with you on your specific property needs.

As always, Onity continues to place the highest priority on the safety and security of its products. We ate committed to supporting you.

* * *

HT Series Locks

Onity is shipping mechanical security solutions for HT series locks to all hotel properties that have not already ordered them. Mechanical caps and security screws block physical access to the DC lock port$ that the hackers use to illegally

11


break into hotel rooms. Onity provides the caps, security screws, and tool free of charge. The mechanical solution can be installed by hotel staff accustomed to replacing batteries and other routine lock maintenance.

As of November, 2012 Oz:llty has shipped 1.4 million solutions for locks to hotel properties. While this represents a significant portion of locks affected, we have decl.ded to accelerate the distribution of technical solutions. Over the next several weeks, we will ship this solution to hotel properties in OlJI database that have not already requested the mechanical solution.

42. Plaintiff Desai received the "mechanical solution" caps sent by Onity, which are

essentially plastic plugs to stick into the DC port. The plugs that Onity sent to Plaintiff Desai are

che~p, removable, and wholly inappropriate to correct the Locks' design defects.

• +H -,_._,,

t' '·· ••• :_

-............ ,.. ' - ·~ -~ ~·~,::;: ... ~:-~ -.+ "

'"'"'*·· .. .,., ... ,"" -- .... --~--

- ... ~ ~ --- • .. ::::·: ' - + + +' ...... +

-~~ --·~-~---~~c-'--~

(The "mechanical solution" sent by Onity to Plaintiff Desai)

43. In order to receive the new circuit boards, Defendant required Plaintiff Desai to

pay $15 per circuit board in addition to the cost of shipping.

12


V. CLASS ALLEGATIONS

44. Pl13.intiff brings claims pursuant to Federal Rule of Civil Procedure 23 individually

and on behalf of the following nationwide consumer class (the "Class"):

All persons who purchased or otherwise acquired Defendant Onity's HT or Advance series locks. Specifically excluded from this Class are Defendant;. the officers, directors, or employees of Defendant; any entity in which Defendant has a controlling interest; and arty affiliate, legal representative, heir, or assign of Defendant; Also excluded from the Cla.Ss are arty federal, state, or local governmental entities, any judicial officer presiding over this action and the members of his/her immediate family and judicial staff, and any juror assigned to this action.

45. The Class is sufficiently numerous as Defendant Onity manufactured over four

million Locks. Thus, joinder of such persons in a single action or bringing all members of the

Class before the Court is impracticable for purposes of Rule 23(a)(l) of the Federal Rules of

Civil Procedure. The disposition of the Class members' claims in this class action will

substantially benefit both the parties and the Court.

46. The Class is readily ascertain~:~,ble through Defendant's business records. Notice

can be provided to Class members through the mail and/or by publication on the internet, )

newspapers, and mag~nes.

47. There are questions oflaw and fact common to the Class for purposes of Federal

Rule of Civil Procedure 23(a)(2). Defendant's representations were supplied uniformly to all

members of the Class, so that the questions of law and fact are cormfion to all members of the

Class. All Class members were and are similarly injured by having purchased or otherwise

acquired defective Locks for their intended and foreseeable purpose as promoted, sold, marketed,

advertised, packaged, and labeled by Defendant as set forth in detail herein, and the relief sought

herein is common to Plaintiff and other members of the Class.

13


48. Plaintiff asserts claims that are typical of the claims of the entire Class for

purposes of Federal Rule of Civil Procedure 23(a)(3). Plaintiff and all Class members have been

subjected to the same wrongful conduct because they have purchased or used Locks based on the

reliability and security that Defendant represents. Plaintiff and the Class have thus all purchased

or otherwise acquired defective Locks. Moreover, Defendant has purportedly entered into

agreements with large hotel chains such as Marriott for restitution and compensatory damages.

49. Plaintiff will fairly lU}d adeql!ately represent and protect the interests of the other

Class members for plirposes of Federal Rule of Civil Procedure 23(a)(4). Plaintiff has no

interests lU}tagonistic to those of other Class members. Plaintiff is committed to the vigorous

prosecution of this action and have retained counsel experienced in litigation of this nature to

represent them. Plaintiff anticipates no difficulty ir1 the management of this litigation as a class

action.

50. Class certification is appropriate under Federal Rule of Civil Procedure 23(b)(2)

beca:use Defendant has acted on grounds that apply generally to the Class, so that final injunctive

relief or corresponding declaratory relief is appropriate respecting the Class as a whole.

51. Class certification i_s appropriate under Federal Rule of Civil Procedure 23(b)(3)

because COilllllOn questions of law and fact substantially predominate over arty questions that

may affect only individual members of the Class. Among these common questions of law and

fact ate:

(a) whether Defendant made misrepresentations m connection with the

promotion, marketing, and sale of its Locks;

(b) whether Defendant's Locks were defectively designed;

14


(c) whether Defendant represented that its Locks were mailufactured for their

intended purpose, were secure, and would only open when keycards

programmed by the hotel were inserted;

(d) whether Defendant's Locks are unfit for their intended use;

(e) whether Defendant failed to warn Class members that the safety

mechanism of the Locks could be bypassed;

(f) whether Defendant concealed info@ation and the nature of the defects

from the Class members;

(g) whether Defendant engaged in the alleged condtJct knowingly, recklessly,

or negligently;

(h) the amount of monies or other obligations lost by Plaintiff and Class

members as a result of such Wrongdoing;

(i) whether Plaintiff and Class members are entitled to declaratory,

injunctive, and/or other equitable relief;

G) whether Class members are entitled to payment of actual, incidental,

consequential, exemplary, and/or statutory damages plus interest thereon;

and

(k) whether Class members are entitled to disgorgement and restitution.

52. Proceeding as a class action provides substantial benefits to both the parties and

the Court because this is the most efficient method for the fair and efficient adjudication of the

controversy. Class members have suffered and will suffer irreparable harm and damages as a

result of Defendant's wrongful conduct Because of the nature of the individual Class members'

claims, few, if any, could or would otherwise afford to seek legal redress against Defendant for

15


the wrongs complajned of herein, and a representative class action is therefore appropriate, the

superior method of proceeding, and ess~ntial to the interests of justice insofar as the resolution of

Class members' claims is concerned. Absent a representative class action, Class members would

continue to suffer losses for which they would have no remedy, and Defendant would unjustly

retain the proceeds. Even if separate actions could be brought by individual members of the

Class, the resulting multiplicity of lawsuits would cause undue hardship, burden, and expense for

\ the Court and the litigants, as well as create a risk of inconsistent rulings which might be

dispositive of the interests of the other Class members who are not parties to the adjudications

andlot may substantially impede their ability to protect their interests.

VI. TOLLING AND ESTOPPEL

53. Plaintiffs causes of action did not arise until Plaintiff discovered, or by the

exercise of reasonable diligence should have discovered, that they were injured by Defendant'.s

wrongful conduct as described above. Because Defendant concealed and did not disclose the

fact that the Locks were defectively designed, Plaintiff did ilot discover and could not have

discovered this fact through reasonable diligence.

54. The applicable statutes of limitations have been tolled by Defendant's knowing

and active concealment of the material fact that the Locks have a defective design, and by

Defendant's affirmative misrepresentations that the Locks were reliable and secure. Defendant

intentionally kept Plaintiff and the members of the Class ignorant of information vital to pursue

their claims, without any fault or lack of diligence on the part of Plaintiff a:nd the members of the

Class. Plaintiff and the members of the Class could not reasonably have discovered the fact that

the Locks are vulnerable to programming manipulation through the DC ports as described above.

16


55. Defendant was and still is under a continuous duty to disclose to Plaintiff and

members of the Class defects in its Locks that make them unsafe or Urifit for use. Defendant

knowingly concealed and misrepresented the security and reliability of its lock system, includirlg

the fact that the Locks could be easily opened through the use of a simple hack. Plaintiff and the

members of the Class reasonably and in good faith relied upon Defendant's affil1Ilative

misrepresentations and knowing and/or active concealment.

56. Based on the foregoing, Defendant is estopped from relying on any statutes of

limitation in defense of this action because it did not repair the defects prior to placing the Locks

in the stream of commerce.

VII. CLAIMS FOR RELIEF

FIRST CLAIM FOR RELIEF (Negligent Design)

57. Plaintiff realleges each and every allegation contained above as if fully set forth

herein and further allege as follows.

58. As the designer of the Locks, Onity owed a duty to end users or consumers to

provide a lock that was reasonably safe for its intended and reasonably foreseeable uses.

59. The Locks designed by Onity are defective and unreasonably dangerous when put

to their intended and reasonably foreseeable uses.

60. The Loqks are vulnerable to bypass because of the unprotected access port located

at the bottom of the lock housing.

61. Defendant's Locks are vulnerable to such attacks because the Locks' memory is

entirely exposed to whatever device attempts to read it through the DC port. Though each Lock

has a cryptographic key that is required to trigger its "open" mechanism, the string of data is also

17


stored in the Lock's memory and can be immediately accessed and used to open a door a fract.ion

of a second later.

62. A second design defect of the Locks stems from Defendant's weak encryption

scheme that allows hackers to derive the "site code"- the uniq1.1e mn:nerical key for every facility

- from two cards encoded one after another for the same room. By reading the encrypted data

off of two cards and testing the potential site codes against both cards t,llltil the decoded data

displays a predictable interval between the two, individuals with bypass programming devices

can use it to create more card keys with a magnetizing device.

63. Because of this foreseeable method for gaining unrestricted access to secured

spaces, Onity's Locks are defective and unreasonably dangerous when put to their intended and

reasonably foreseeable uses.

64. These design defects existed in all of the Locks from the time of their design,cmd

remained in each Lock when it was placed into the stream of commerce.

65. All of Defendant's Locks reached their end users without any substantial change

\

in their origin~l design condition.

66. Onity, as the designer of the Locks, knew or reasonably should have known or

should have foreseen the risk of unauthorized access posed by the design of these lock systems.

67. Onity negligently or recklessly and wantonly failed to properly design the Lock_s.

68. Onity negligently or recklessly and wantonly failed to recognize or foresee the

risk of liilauthorized access posed by the unprotected DC port located at the bottom of each Lock

and the weak encryption scheme that returns data in predictable intervals. A reasonable designer

of an electronic lock system would not have left such vulnerabilities unguarded.

69. Onity has breached its duty of reasonably safe design in regard to its Locks.

18


70. Plaintiff has suffered injuries, including the costs of replacing or repairing the

Locks in order to render them safe for reasonable use.

71. The damages sustained by Plaintiff and Class members were a proximate result of

the defects in the design ofOnity's Locks.

72. Defendant is strictly liable to Plai_ntiff and Class members.

SECOND CLAIM FOR RELIEF (Negligence)

73. Plaintiff realleges each and every allegation contai11ed above as if fully set forth


74. Defendant was negligent in designing, testing, manufacturing, marketing, and

selling the Locks with defects.

75. Defendant knew of said defects, yet Defendant has failed in its duty to recall these

devices ot to alert the public and users of the Locks of the dangers posed by the security

vulnerabilities and to pay for replacement of the Locks.

76. At the time Defendant manufactured, distributed, and sold the Locks, it owed a

duty to purchasers a:nd users to exercise ordinary and reasonable care to properly design the

Locks, and it owes a continuing duty to warn and repair or replace defective Locks.

77. Had Defendant exercised proper care and skill in the foregoing matters, Plaintiff

would not have defective Locks and would not have suffered the damages and costs resulting

therefrom.

78. As a proximate result of the Defendant's negligence, Plaintiff and members of the

Class suffered arid continue to suffer immediate damages _ and loss in the form of security

breaches, loss to reputation, loss in business, and the costs of replacement or repair of defective

Locks.

19


THIRD CLAIM FOR RELIEF (Breach of Implied Warranty)

79. Plaintiff tealleges each and every allegation contained above as if fully set forth


80. The Uniform Commercial Code §2-314 provides that unless excluded or

modified, a warranty that the goods shall be merchantable is implied in a contract for their sale if

the seller is a merchant with respect to goods of that kind.

81. Defendant manufactured, marketed, and sold the Locks and represented that the

Locks Were fit for use to secure hotel guest rooms and other secure facilities. Contrary to s-uch

representations, Defendant failed to disclose that the Locks were defective as they were

susceptible to bypass programming devices through its exposed DC port and could be opened by

u,na~thorized persons.

82. At all times, Alabama and the following 48 states listed below, including the

District of Columbia, have codified and adopted the provision_s of the Uniform Commercial Code

governing the implied warranty of merchantability: Ala. Code §7-2-314; Alaska Stat

§45.02.314; Ariz. Rev. Stat Ann. §47-2314; Ark. Code Ann. §4-2-314; CaL Com. Code §2314;

Colo. Rev. St §4-2-314; Conn. Gen. Stat. Ann. §42a-2-314; 6 DeL C. §2-314; D.C. Code §28:2-

314; Fla. Stat. Ann. §672.314; Ga. Code Ann. §IJ-2.,-314; Haw. Rev. Stat §490:2-314; Idaho

Code §28-2-314; 810 IlL Comp. Stat Ann. 5/2-314; Ind. Code Ann. §26-1-2-314; Iowa Code

Ann. §554.2314·; Kan. Stat. Ann. §84-2-314; Ky. Rev. Stat. Ann. §355.2-314; La. Civ. Code

Ann. art. §;2520; 11 Me. Rev. Stat Ann. §2-314; Md. Code Ann. §2-314; Mass. Gen. Laws Ch.

106 §2-314; Mich. Comp. Laws Ann. §440.2314; Minn. Stat Atm. §336.2-314; Miss. Code Ann.

§75,.2-314; Mo. Rev. Stat· §400.2-314; Mont. Code Ann. §30-2-314; Nev. Rev. Stat. U.C.C

20


§104.2314; N.H. Rev. Ann. §382-A:2-314; N.J. Stat. Ann. §12A:2-314; N.M. Stat. Ann_. §55-2-

314; N.Y. U.C.C. Law §2-314; N.C. Gen. Stat. Ann. §25-2-314; N.D. Stat §41-02.,314; Ohio

Rev. Code Ann. §1302.27; Okla. Stat. tit. 12A §2-314; Or. Rev. Stat. §72.3140; 13 Pa. Stat. Ann.

§2314; R.I. Gen. Laws §6A-2-314; S.C. Code Ann. §36,.2-314; S.D. Stat. §57A-2-314; Tenn.

Code Ann. §47-2-314; Tex. Bus. & Com. Code Ann. §2-314; Utah Code Ann. §70A-2-314; Va.

Code §8.2-314; Vt. Stat. Ann. 9A §2-314; W.Va. Code §46-2-314; Wash. Rev. Code §62A 2-

314; Wis. Stat. Ann. §40Z.314 and Wyo. Stat. §34.1-2-314.

83. As designer, manufacturer, producer, marketer, and seller of electronic lock

systems, Defendant is a "merchant" within the meaning of the various states' commercial codes

governing the implied warranty of merchantability.

84. Fll.rther, Defendant is a merchant with respect to Locks. Defendant designed,

manufactured, distributed, marketed, and/or sold the Locks and represented to Plaintiff and the

Class th~t it manufactured high quality Locks that comply with all applicable state and federal

regulations. Further, Defendant, by selling Locks to Plaintiff and the Class, has held itself out as

a retailer of high quality electronic lock systems that comply with all applicable state and federal

regulations and, in fact, derives ~ substantial amount of revenues from the sale of lock systems.

85. The Locks are "goods," as defmed in the various states' commercial codes

governing the implied warranty of merchantability.

86. As a merchant of the Locks, Defendant knew that purchasers relied upon it to

design, manuf~cture, and sell security products that were reasonably safe and would not

endanger the safety of users.

21


87. Defendant designed, manufactured, and sold Locks to consumers such as Plaintiff

and the Class. It knew th_at such electronic keycatd Locks would be used to secure hotel rooms

and other locations.

88. The Defendant specifically represented in its marketing and advertising that its

electronic lock systems were of high quality, safe, and complied with state and federal

regulations.

89. At the time that Defendant designed, manufactured, sold, and/or distributed the

Locks, Defendant knew the purpose for which the Locks were intended and impliedly warranted

that the Locks were of merchantable quality; were suitable for the purpose of securing spaces

against intruders; were free of design defects; and were safe and fit for their ordinaty pUrpose -

as locks meant to protect persons and spaces from intruders.

90. Defendant breached its implied warranties in connection with the sale of Locks to

Plaintiff and members of the Class. The Locks were not safe and fit for their ordinary purposes

and intell.ded uses as security devices and were defectively designed such that anyone could

bypass its system and open the Locks through the exposed DC port on the underside of the

Locks.

91. Defendant had actual knowledge that the Locks had design defects prior to, or at

least by the date of, the public demonstration in August 2012 that the Locks were not fit for their

ordinary purpose and Plaintiff was therefore not required to notify Defendant of its breach. If

notice is required, Plaintiff and the Class have adequately provided Defendant of such notice

through the filing of thi_s lawsuit.

92. As a direct and proximate result of Defendant's breach of implied warranties,

Plaintiff and other members of the Class have been injured including, but not limited to the

22


increased risk of security breaches from the Locks, the costs associated with repair, a,nd/or

replacement of the defective Locks.

VII. PRA YER\FOR RELIEF

WHEREFORE, Plaintiff and tbe Class pray for relief as follows:

A. That the Court determine that the claims alleged herein may be maintained as a

class action under Rule 23(a), (b )(2) and (b )(3) of the Federal Rules of Civil Procedure;

13. That the Court adjudge and decree that Defendant has engaged in the conduct

alleged herein;

C. That Defendant be petfilanently enjoined and restrained from, in any manner,

directly or indirectly, continuing, maintaining, or engaging in the unfair, unlawful, and/or

deceptive practices alleged herein;

D. That Plaintiff and the Class members be awarded damages, including the cost of

replacing the defective Locks;

E. That Plaintiff and the Class members be awarded cornpensatory damages for

repairs, installation, and any other costs associated with repairing or replacing the defective

Locks;

F. that Plaintiff and the Class members be awarded both pre-and post-judgment

interest at the maximum allowable rate on any amoUrtts awarded;

G. That Plaintiff and the Class. members recover their costs of suit, inclucling

reasonable attorneys' fees and expenses as provided by law; ancl

H. That Plaintiff and the Class members be awarded such other and further relief as

may be necessary a.nd appropriate.

23


Vll. JURY DEMAND

Pursuant to Rule 38 of the Federal Rules of Civil Procedure lilld the Constitution of the

United States, Plaintiff and the Class members demand a trial by juty fot all issues so triable.

DATED: May_, 2013

G eg . Davi 7031 Halcyon Park Drive Montgomery, AL 36117 Tel: (334) 832-9080 Fax: (334) 409-7001 gldavis@knology .net

Joseph P. Guglielmo SCOTT +SCOTT, ATTORNEYS AT LAW, LLP The Chrysler Building 405 Lexington A venue, 40th Floor New York, New York 10174 Tel: (212) 223-6444 Fax: (212) 223'"6334 [email protected]

David R. Scott SCOTT+SCOTT, ATTORNEYS AT LAW, LLP 156 South Main Street Colchester, CT 06415 Tel: 860-537-5537 Fax: 860-537-4432 [email protected]

Christopher M. Bwke SCOTT+SCOTT, ATTORNEYS AT LAW, LLP 707 Broadway, Suite 1000 San Diego, CA 921 01 Tel: (619) 233-4565 Fax:: (619) Z33-0508 [email protected]

Blaine C. Stevens John M. Maddox STEVENS & MADDOX, PC

24


203 Jamestown Blvd Ste 2 Dothan, AL 36301-6430 stevenslaw21 @aol.com Tel: (334) 793-6493 Fax: (334) 677A650

Manish Hasmukh Patel PATEL & SLEDGE P.O. Box 849 Andalusia, AL 36420-1216

Counsel for Plaintiff

..

25

Documents

13cv312Desai 1 cmp - Scott & ScottCase 2:13-cv-00312-WC Document 1 Filed 05/07/13 Page 5 of 26 12. Each of the Locks possesses the same design defect at the time of manufacture