Unsaflok Flaw on Android Puts Over 3 Million Hotel Rooms at Risk


Highlights

  • Unsaflok flaw affects Saflok RFID locks in hotels globally.
  • Hack involves duplicating keycard data to unlock doors.
  • Android NFC capability can mimic keycards for door unlocking.
  • Team adopts cautious disclosure to prevent misuse and ensure remediation.

A group of cybersecurity experts has disclosed a significant flaw in hotel keycard systems, dubbed “Unsaflok,” which poses a threat to the security of over three million hotel rooms worldwide.

This vulnerability, identified in the Saflok RFID locks manufactured by Dormakaba, affects more than 13,000 hotel properties in 161 countries.

The security loophole stems from shortcomings in the encryption and RFID technology utilized by Dormakaba.

Exploiting a Vulnerability


The method for exploiting this vulnerability involves initially acquiring a keycard from the hotel in question, achievable through booking a room or finding a discarded card.

With the aid of an RFID writer-reader, priced around $300, the data on the keycard is duplicated onto two new cards.

These cards, when used sequentially on a hotel room’s lock, manipulate the lock’s data, ultimately unlocking the door.

Interestingly, this hack can also be executed using an Android smartphone equipped with Near-Field Communication (NFC) capability.

By downloading a specific app that emits the necessary signal, the smartphone can replicate the function of the two physical keycards, enabling door unlocking without them.

Breaching Hotel Privacy


This revelation follows a previous security breach presented at the 2012 Black Hat conference in Las Vegas, where a vulnerability in Onity’s lock systems, affecting 10 million locks, was exposed.

Onity’s refusal to fund the necessary updates forced hotels to manage the rectifications independently, a decision that led to the exploit being used for criminal activities, including theft from hotel rooms.

In contrast to the previous incident, the team behind Unsaflok has opted for a more reserved approach in disclosing the full details of their discovery.

Hacker Ian Carroll stated their intention to strike a balance between facilitating Dormakaba’s swift response to the issue and raising awareness among hotel guests.

The team’s concern is that premature full disclosure could enable malefactors to exploit the vulnerability before a widespread understanding and remediation effort is in place.

FAQs

What is the Unsaflok vulnerability?

The Unsaflok vulnerability is a security flaw in the Saflok RFID lock systems produced by Dormakaba. It affects over three million hotel rooms across more than 13,000 properties in 161 countries. The issue lies in the encryption and RFID technology, making it possible to unlock doors without authorization.

How can the Unsaflok vulnerability be exploited?

Exploiting the Unsaflok flaw requires obtaining a hotel’s keycard, then using an RFID writer-reader to duplicate its data onto two new cards. Using these cards in sequence on a door’s lock can unlock it. Alternatively, an Android phone with NFC and a specific app can mimic the keycards’ function.

Are there any precautions hotel guests can take?

While the technicalities of the Unsaflok exploit are complex, guests are advised to safeguard their keycards and report any lost or stolen cards immediately. Awareness and vigilance, such as ensuring doors are securely locked and using additional security measures like door stoppers, can offer extra protection.

What is being done to fix the Unsaflok vulnerability?

The cybersecurity team behind the discovery of the Unsaflok flaw is working with Dormakaba to address the issue. By not fully disclosing the hack, they aim to prevent its exploitation and ensure a solution is found before the vulnerability becomes widely known and misused.
