Latest News | Unlocking Hotel Secrets: The Tale of Unsaflok and Dormakaba's Vulnerabilities
Key to Chaos: How Hackers Can Open Any Hotel Door with Unsaflok
Hackers have discovered a technique called Unsaflok, enabling them to exploit vulnerabilities in Saflok-brand RFID-based keycard locks, potentially granting access to any of the 3 million hotel rooms worldwide utilising these systems.
During a private event in Las Vegas, security researchers experimented with hacking a hotel room, focusing on the lock, leading to the discovery of Unsaflok, a technique exploiting vulnerabilities in Saflok-brand RFID-based keycard locks. This technique, developed by Ian Carroll, Lennert Wouters, and their team, enables an intruder to open millions of hotel rooms globally within seconds. Dormakaba, the lock manufacturer, has been notified, but fixes remain incomplete, leaving many properties vulnerable.
Security researchers discover Unsaflok, a technique exploiting vulnerabilities in Saflok-brand RFID-based keycard locks.
The technique allows intruders to open millions of hotel rooms worldwide within seconds.
Vulnerabilities involve weaknesses in Dormakaba's encryption and the underlying MIFARE Classic RFID system.
Dormakaba has been notified, but only 36% of installed Safloks have been updated to fix the vulnerability.
Exploitation requires possession of a keycard from the target hotel, which is then cloned using a $300 RFID read-write device.
The technique requires knowledge of the property code and reverse engineering of Dormakaba's lock programming devices and front desk software.
Saflok locks controlled by the keycard, including the deadbolt, provide little protection once compromised.
Hotel guests can check for vulnerability using the NFC Taginfo app and should take precautions if their lock is identified as vulnerable.
Avoid such issues:
Lock manufacturers should prioritise security in their designs and regularly update systems to patch vulnerabilities.
Hoteliers should promptly implement fixes provided by manufacturers to secure vulnerable locks.
Guests should be vigilant and inquire about the security measures in place when staying at hotels.
Hotels should consider supplementary security measures such as surveillance cameras and security personnel to deter intrusions.
Regular security audits and testing should be conducted to identify and address potential vulnerabilities proactively.
Source and further reading.
Greenberg, A. (2024, March 21). Hackers found a way to open any of 3 million hotel keycard locks in seconds.
WIRED.
https://www.wired.com/story/saflok-hotel-lock-unsaflok-hack-technique/
Unsaflok. (2024, March 20). Unsaflok.
https://unsaflok.com/
Monnier, M. N. (2019, October 12). An expert lock picker reveals the secret code that makes many hotel safes useless. Apartment Therapy.
https://www.apartmenttherapy.com/an-expert-lock-picker-reveals-the-secret-code-that-makes-many-hotel-safes-useless-36657811