Recently, shocking information has come to light that has rocked the global hotel security industry. A team of security researchers has uncovered a technique that allows for the unlocking of Saflok hotel locks in a matter of seconds. This revelation has raised immediate concerns regarding guest privacy and security, prompting the need for urgent action to restore security measures.
The origins of this groundbreaking discovery can be traced back to a hacker contest held in Las Vegas in 2022. At this exclusive event, researchers were invited to identify vulnerabilities in the technology of a hotel in Las Vegas. It was during this event that Ian Carroll, Lennert Wouters, and their team unveiled their groundbreaking finding, which they dubbed “Unsaflok”. This vulnerability affects lock systems that are based on RFID cards from Saflok, a brand owned by the Swiss company Dormakaba. With over 3 million doors across 131 countries utilizing these systems, the gravity of the situation cannot be overstated. The attack method involves manipulating a key card from any affected hotel, enabling access to any door within seconds.
The process of executing this hack involves acquiring a key card, reading a specific code using a RFID device, and then writing two new key cards. When these cards are used consecutively in the lock, the door is effortlessly unlocked. The vulnerability stems from weaknesses in Dormakaba’s encryption and the MIFARE Classic RFID system that is employed.
In response to this alarming revelation, Dormakaba has been actively working to inform and support hotels in upgrading or replacing vulnerable locks. While many locks manufactured within the last eight years can be updated without hardware changes, the process involves upgrading the front desk management system and reprogramming each lock. Despite these efforts, only 36% of locks have been updated thus far.
This incident serves as a stark reminder of the delicate balance between embracing cutting-edge security technologies and the constant threat of hackers exploiting vulnerabilities. As hotels and lock manufacturers strive to address these challenges, guests are urged to remain vigilant and take additional precautions to safeguard their privacy and security.
For those seeking further information on this issue, Wired has provided in-depth coverage on the Saflok hotel lock vulnerability.