Unlocking Insecurity: The Global Hotel Lock Vulnerability Exposed

A significant security vulnerability, dubbed "Unsaflok," has been identified in Dormakaba's Saflok electronic RFID locks, which are used in millions of hotel rooms across the globe. This flaw was uncovered by a group of researchers, including Lennert Wouters, Ian Carroll, and others, who found that it could potentially allow unauthorized individuals to access any room secured by these locks by exploiting a series of security weaknesses.

The crux of the Unsaflok vulnerability lies in the ability of attackers to forge a pair of keycards after reverse-engineering Dormakaba's software and a lock programming device. With just one keycard from the hotel—potentially even their own—attackers can crack Dormakaba's encryption and spoof a master key that unlocks any room on the property. The attack process involves creating forged keycards using commercially available tools and MIFARE Classic cards, which are then used to rewrite the lock's data and unlock the door.

Dormakaba was notified of these vulnerabilities in November 2022, and since then, the company has been working to address the security risk by either updating or replacing the vulnerable locks. While not all systems sold in the past eight years require hardware replacements, many do need updates or reprogramming, a process that involves both the front desk management system and individual lock programming, door by door.

As of March 2024, a significant portion of the locks remains vulnerable, with Dormakaba actively working on mitigating the issue. The wide impact of the Unsaflok flaws has raised concerns over hotel security worldwide, as these locks are used in approximately 13,000 properties across 131 countries. To combat this, the research team has withheld some technical details to allow time for upgrades and mitigations to be implemented effectively.

Hotel guests and staff may detect unauthorized access attempts by auditing the lock's entry/exit logs, although this may not always accurately reflect all instances of exploitation. Guests can also use the NFC Taginfo app to check their keycard for vulnerabilities, specifically looking for MIFARE Classic cards which are indicative of susceptible locks.

This revelation underscores the ongoing challenge of maintaining security in an increasingly digital world, highlighting the importance of robust security practices and the need for continuous vigilance against potential vulnerabilities.

Source: https://www.support-remote.org/post/unlocking-insecurity-the-global-hotel-lock-vulnerability-exposed