Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds

Hackers have discovered a technique that would allow intruders to unlock any of the millions of hotel rooms around the world in just a few seconds.

Ian Carroll and Lennert Wouters, along with a team of other security researchers, discovered a hotel keycard hacking method called Unsaflok, which reveals a series of security flaws that would allow a hacker to almost instantly unlock certain models of Saflok-brand RFID keycard locks sold by Swiss lock manufacturer Dormakaba, according to Wired.

Saflok keycard systems are installed on approximately 3 million doors worldwide in 13,000 facilities in 131 countries, per the outlet.

Carroll and Wouters’ technique begins by obtaining any keycard from a target hotel, reading a specific code from that card using an RFID reader-writer (which can easily be purchased for $300), and then writing two keycards of their own. When they tap the two cards on a lock, the first overwrites part of the lock’s data and the second opens it, according to Wired.

“Two quick taps and we open the door,” Wouters, a researcher in the computer security and industrial cryptography group at Belgium’s KU Leuven University, told Wired. “And it works on every door in the hotel.”

He and Carroll, an independent security researcher and founder of travel website Seats.aero, shared their hacking technique with Dormakaba in November 2022. For about a year, the company has been working to alert hotels that use Saflok to the system’s security flaws and to help them repair or replace their locks.

Most Saflok systems sold in the past eight years do not require hardware replacement for each individual lock, according to Wired. To fix the problem, hotels just need to update or replace their front desk management system and bring in a technician to manually reprogram each door lock.

However, so far not much progress has been made in solving the serious security problem. Wouters and Carroll told Wired that Dormakaba informed them that only 36% of installed Safloks had been updated as of this month. Dormakaba also told the pair that a full repair would likely take months or longer, especially since the locks are not connected to the Internet and some older locks require hardware upgrades.

Dormakaba told PEOPLE in a statement that the company released detailed information about the security vulnerability on March 20.

“As soon as a group of external security researchers notified us of the vulnerability, we launched a comprehensive investigation, prioritized the development and deployment of mitigation solutions, and worked to systematically communicate with users,” the statement said.

“We are not aware of any reported cases of exploitation of this issue to date,” the statement continued. “According to the principles of responsible disclosure, we are working with researchers to provide a broader warning to highlight how existing risks with legacy RFID technology are evolving, so that others can take precautionary steps.”

In the meantime, Wouters and Carroll say they hope to alert the public to the hacking technique.

“We’re trying to find a middle ground in helping Dormakaba fix it quickly, but also communicating it to guests,” Carroll told Wired. “If someone else reverse-engineers this today and starts exploiting it before people are aware, it could be an even bigger problem.”

They told the outlet that in most cases, guests can identify vulnerable locks by their distinctive design: a round RFID reader with a wavy line running through it. If their door has a Saflok, guests can check whether the lock has been updated by scanning their keycard with NXP’s NFC Taginfo app. If the lock was made by Dormakaba and the app shows that the keycard is still a MIFARE Classic card, it is probably still vulnerable to hacking.

In that situation, Carroll and Wouters advise guests to avoid storing valuables in their room and to fasten the door chain while inside. They noted to Wired that the deadbolt is also controlled by the keycard lock, so it won’t provide additional protection.

“If someone locks the bolt, they’re still not protected,” Carroll said.

Source: HIS Education