Dormakaba Hotel Keycard Hack
Every year, Las Vegas hosts a plethora of security researchers for the Black Hat and Defcon hacker conferences. At a private event in 2022, a group of researchers was invited to hack a hotel room in Vegas, uncovering a technique that could open millions of hotel rooms worldwide with just two taps on a keycard.
Unsaflok Technique
Security researchers Ian Carroll and Lennert Wouters, along with their team, have revealed a security vulnerability they call Unsaflok. This technique exploits weaknesses in encryption and the MIFARE Classic RFID system used in Saflok-brand keycard locks by Dormakaba, a Swiss lock maker.
The Saflok systems are present in 3 million doors globally across 13,000 properties in 131 countries. With Unsaflok, hackers can manipulate keycard data obtained from a target hotel to create keycards that instantly unlock Saflok keycard locks.
By rewriting a certain piece of data on the lock with $300 RFID read-write devices, the hackers can easily gain access to any room in a hotel without detection. Dormakaba has been made aware of these security flaws and has been working on a solution since last year.
Fixing the Issue
Dormakaba advises hotels using Saflok systems to update or replace vulnerable locks. Individual hardware replacement is not needed: having technicians reprogram each lock is sufficient to address the security flaws.
Dormakaba has informed the researchers that only 36 percent of installed Safloks have been updated, and the full roll-out of fixes may still take months to years because of the variety of installations and the lack of internet connectivity in some locks. Efforts are underway, however, to ensure the security of hotel guests across the globe.