Hackers Can Unlock Millions Of Hotel Doors In Seconds: Report
Millions of hotel rooms worldwide face a security threat due to vulnerabilities in widely used door-locking technology, according to a new report.
Experts are demonstrating a hacking technique that can be used to unlock any of these doors in just seconds, Knewz.com has learned.
The hacking technique, dubbed "Unsaflok," applies to several models of Saflok-brand keycard locks sold by the Swiss lock maker Dormakaba. The locks are installed on 3 million doors of 13,000 properties in 131 countries, according to a Wired report on Thursday, March 21.
The Saflok systems use radio frequency identification (RFID) technology, in which information stored on a wireless device or “tag” is read from a distance, without physical contact or a line of sight, according to the United States Department of Homeland Security.
A team of cybersecurity researchers exposed critical flaws in both Dormakaba's encryption and the underlying RFID system it uses, known as MIFARE Classic, according to Wired.
By reverse-engineering Dormakaba's front desk software and acquiring specialized hardware, the researchers were able to generate master keys capable of accessing any room within a property.
“You can make a card that really looks as if it was created by the software from Dormakaba, essentially,” Lennert Wouters, a researcher in the Computer Security and Industrial Cryptography group at KU Leuven University in Belgium, said.
The hack, the experts explained, can be done by obtaining any keycard from a hotel's front desk, then reading a code from the card with a $300 RFID read-write device. This device then writes two keycards: one to replace a segment of the lock's data, and one to open it.
Wired shared a video in which the team demonstrated the ease with which these specially crafted keycards can be used to gain unauthorized access to rooms.
“Two quick taps and we open the door,” Wouters said. “And that works on every door in the hotel.”
The cybersecurity pros said they made Dormakaba aware of these issues in 2022, and since then, 36% of the company's locks have been updated, but it could take months or years for fixes to reach some hotels.
“We have worked closely with our partners to identify and implement an immediate mitigation for this vulnerability, along with a longer-term solution,” Dormakaba said in a statement, according to Wired. However, it was unclear what this "immediate mitigation" would look like. “Our customers and partners all take security very seriously, and we are confident all reasonable steps will be taken to address this matter in a responsible way.”
Since early last year, the company said it had been working to notify hotels that use its equipment of the vulnerabilities. However, much of the company's hardware sold in the past eight years lacks replacements necessary for each lock. Establishments will therefore need to update or replace their front desk management systems and reprogram locks individually.
“We think the vulnerability has been there for a long time,” Wouters said. “It's unlikely that we are the first to find this.”
Wouters and his team also said guests may be able to identify vulnerable locks by their distinct design: a round RFID reader with a wavy line crossing through it. Guests can also check whether a Saflok lock has been updated by reading their keycard with the NFC Taginfo app. If the app shows the Dormakaba keycard is still a MIFARE Classic card, it is likely hackable.