Hackers Show Vulnerabilities of RFID-Based Hotel Door Locks

/in


Hackers show vulnerabilities of RFID-based hotel door locks

Apr 02, 2024In a scenario that feels lifted from Oceans 11, a group of hackers have shown the vulnerabilities of RFID-based locks through a hotel room keycard.

A team of security researchers recently revealed a hotel keycard hacking technique they call Unsaflok. The technique exposes a collection of security vulnerabilities that would allow a hacker to open several models of Saflok-brand RFID-based keycard locks sold by lock maker Dormakaba.

The Saflok systems are installed on three million doors worldwide, inside 13,000 properties in 131 countries.

RFID Journal Live

The Hackers Story

As detailed in a story published on Wired, the researchers exploited weaknesses in both Dormakaba’s encryption and the underlying RFID system used, known as MIFARE Classic, according to Ian Carroll and Lennert Wouters.

They started by obtaining any keycard from a target hotel—new or used—in order to read a certain code from that card with a $300 RFID read-write device. After writing two keycards of their own, they were able to first rewrite a certain piece of the lock’s data and then open it.

“Two quick taps and we open the door,” said Wouters, a researcher in the Computer Security and Industrial Cryptography group at the KU Leuven University in Belgium. “And that works on every door in the hotel.”

Dormakaba Solution

Wouters and Carroll shared the full technical details of their hacking technique with Dormakaba in November 2022. Dormakaba says that it’s been working since early last year to make hotels that use Saflok aware of their security flaws and to help them fix or replace the vulnerable locks.

For many of the Saflok systems sold in the last eight years, there’s no hardware replacement necessary for each individual lock. Instead, hotels will only need to update or replace the front desk management system and have a technician carry out a relatively quick reprogramming of each lock, door by door.

But Dormakaba has reportedly only updated 36 percent of installed Safloks. Given that the locks aren’t connected to the internet and some older locks will still need a hardware upgrade, they say the full fix will still likely take months…

Source…