
Researchers revealed vulnerabilities affecting 3 million Saflok electronic RFID locks utilized in 13,000 hotels and residences globally. These vulnerabilities enable the researchers to effortlessly unlock any door in a hotel by creating a pair of fraudulent keycards.

A group of researchers including Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana uncovered a set of vulnerabilities, dubbed Unsaflok, in Dormakaba Saflok electronic RFID locks. These vulnerabilities, as outlined by the researchers, can be exploited in a chain to fabricate keycards. Widely adopted, Dormakaba Saflok electronic RFID locks are commonly found in hotels and multi-family housing complexes.

Saflok electronic RFID locks have been deployed across 13,000 properties spanning 131 countries. According to the researchers' estimation, these locks are currently installed on approximately 3 million doors worldwide.

After obtaining a keycard, either by booking a room at the hotel or by taking one from the box of used cards at reception, the researchers used a $300 RFID read-write device to capture a code from it. They then wrote the code onto two keycards, which allowed them to open the door.

“An attacker only needs to read one keycard from the property to perform the attack against any door in the property. This keycard can be from their own room, or even an expired keycard taken from the express checkout collection box,” reads a website set up by the researchers. “Forged keycards can then be created using any MIFARE Classic card, and any commercially available tool capable of writing data to these cards. One pair of forged keycards allows an attacker to open any door in the property.”

As first reported by Wired, the researchers were invited to take part in a private hacking event held in Las Vegas, where they competed with other teams to find vulnerabilities in a hotel room and all of its associated devices.

The researchers concentrated on the Saflok electronic lock installed on hotel room doors. Their investigation uncovered security weaknesses that make it possible to unlock any door in the hotel.

In November 2022, the researchers shared their discoveries with the manufacturer Dormakaba, enabling the vendor to address the vulnerabilities and notify hotels about the security risks without publicly disclosing the issue.

Nevertheless, the researchers emphasize that these flaws have been present for over 36 years. Therefore, although there have been no confirmed instances of exploitation in real-world scenarios, the prolonged exposure duration heightens the likelihood of such occurrences.

"While we are not aware of any real-world attacks that use these vulnerabilities, it is not impossible that these vulnerabilities are known, and have been used, by others," explains the Unsaflok team.
