Researchers Uncover Vulnerability in Hotel Room Locks Worldwide
Hacking Experiment at Private Event Leads to Startling Discovery
In August 2022, during the annual “hacker summer camp” in Las Vegas, a group of security researchers were invited to participate in a unique challenge: hacking a hotel room’s technology, from the TV to the bedside phone. One team, led by Ian Carroll and Lennert Wouters, focused their efforts on the room’s door lock, uncovering a critical vulnerability that could potentially affect millions of hotel rooms worldwide.
The “Unsaflok” Technique: Opening Doors with Two Taps
The researchers have dubbed their keycard hacking method “Unsaflok,” revealing that it allows an intruder to open any vulnerable hotel room in seconds with just two taps on a device. The technique exploits a weakness in the widely-used Dormakaba Saflok locks, which feature a distinctive round RFID reader with a wavy line cutting through it.
Limitations and Precautions of the Unsaflok Technique
To execute the Unsaflok hack, the intruder must possess a keycard, even an expired one, from a room within the same hotel as the targeted room. This card contains a property-specific code that needs to be read and duplicated on a spoofed card. The technique also requires the use of an RFID read-write device or a smartphone to emit two sequential signals to reprogram the lock and unlock the door.
The researchers have chosen to withhold certain details of the technique to prevent potential misuse by malicious actors. They aim to strike a balance between helping Dormakaba implement a fix and informing hotel guests of the potential risk, especially since many properties may remain vulnerable even after the manufacturer’s update.
Identifying Vulnerable Locks and Protecting Valuables
Hotel guests can identify potentially vulnerable Saflok locks by their distinct design and can check if their keycard is a MIFARE Classic card using the NFC Taginfo app by NXP, available for iOS or Android. If the lock is found to be vulnerable, the researchers recommend avoiding leaving valuables in the room and using the door’s chain bolt when inside, as the deadbolt is also controlled by the keycard lock.
The Importance of Awareness and Transparency
Carroll and Wouters emphasize the importance of informing hotel guests about the potential risks, arguing that it is better to be aware than to have a false sense of security. They point out that the Saflok brand has been in use for more than three decades, and the vulnerability may have existed for much or all of that time, even if Dormakaba is unaware of any past exploitation of the technique.
We think the vulnerability has been there for a long time. It’s unlikely that we are the first to find this.
By bringing this vulnerability to light, the researchers hope to encourage a more proactive approach to addressing security weaknesses in hotel room locks and to empower guests to take necessary precautions to protect their belongings and privacy.
2 Comments
Guess it’s time to start using old-fashioned keys again, huh
Makes you wonder what’s truly secure nowadays, doesn’t it