A group of cybersecurity experts has disclosed a significant flaw in hotel keycard systems, dubbed “Unsaflok,” which poses a threat to the security of over three million hotel rooms worldwide.
This vulnerability, identified in Dormakaba's Saflok line of RFID locks, spans more than 13,000 hotel properties in 161 countries.
The security loophole stems from shortcomings in the encryption and RFID technology utilized by Dormakaba.
The method for exploiting this vulnerability involves initially acquiring a keycard from the hotel in question, achievable through booking a room or finding a discarded card.
With the aid of an RFID writer-reader, priced around $300, the data on the keycard is duplicated onto two new cards.
These cards, when used sequentially on a hotel room’s lock, manipulate the lock’s data, ultimately unlocking the door.
Interestingly, this hack can also be executed using an Android smartphone equipped with Near-Field Communication (NFC) capability.
By downloading a specific app that emits the necessary signal, the smartphone can replicate the function of the two physical keycards, enabling door unlocking without them.
This revelation follows a previous security breach presented at the 2012 Black Hat conference in Las Vegas, where a vulnerability in Onity’s lock systems, affecting 10 million locks, was exposed.
Onity’s refusal to fund the necessary updates forced hotels to manage the rectifications independently, a decision that led to the exploit being used for criminal activities, including theft from hotel rooms.
In contrast to the previous incident, the team behind Unsaflok has opted for a more reserved approach in disclosing the full details of their discovery.
Hacker Ian Carroll stated their intention to strike a balance between facilitating Dormakaba’s swift response to the issue and raising awareness among hotel guests.
The team’s concern is that premature full disclosure could enable malefactors to exploit the vulnerability before a widespread understanding and remediation effort is in place.
The Unsaflok vulnerability is a security flaw in the Saflok RFID lock systems produced by Dormakaba. It affects over three million hotel rooms across more than 13,000 properties in 161 countries. The issue lies in the encryption and RFID technology, making it possible to unlock doors without authorization.
Exploiting the Unsaflok flaw requires obtaining a hotel’s keycard, then using an RFID writer-reader to duplicate its data onto two new cards. Using these cards in sequence on a door’s lock can unlock it. Alternatively, an Android phone with NFC and a specific app can mimic the keycards’ function.
While the technicalities of the Unsaflok exploit are complex, guests are advised to safeguard their keycards and report any lost or stolen cards immediately. Awareness and vigilance, such as ensuring doors are securely locked and using additional security measures like door stoppers, can offer extra protection.
The cybersecurity team behind the discovery of the Unsaflok flaw is working with Dormakaba to address the issue. By not fully disclosing the hack, they aim to prevent its exploitation and ensure a solution is found before the vulnerability becomes widely known and misused.