What if your hotel room door is less secure than you thought? A team of hackers has just detailed a method for creating digital master keys that can be used in many establishments.
Hacking is not always a matter of technical flaws nestled in the processors of our computers or in the operating systems of our phones. Sometimes it also comes down to cracking hotel room digital locks. A team of American researchers has in fact unveiled a methodology making it possible to open, relatively easily, the doors of 3 million hotel rooms all over the world.
A digital master key
The vulnerability nicknamed “Unsaflok” concerns locks marketed by the Dormakaba group. These systems are present in more than 13,000 hotel establishments across 131 countries around the world. Suffice to say that that’s a hell of a lot of vulnerable locks and a hell of a lot of hotels to bring up to standard. The only hardware needed to carry out this hack is a few hundred dollar RFID card reader, two blank cards, and a “legitimate” card belonging to the hotel.
By swiping a first card over a room’s lock, researchers can somehow reprogram the lock’s software, while the second acts as a master key that the lock in question will interpret as a legitimate card to open the room. door. To achieve this feat, it is still necessary to scan the information stored on a legitimate card to obtain part of the hotel’s own encryption key. This is thanks to the exploitation of several flaws present in the MIFARE Classic protocol, used by Dormakaba locks.
Then, by analyzing using reverse engineering techniques, the software used by the company for room management, the team of researchers was able to create maps that were almost indistinguishable from legitimate models and which opened, thanks to the reprogramming carried out by the first card, any door of the targeted hotel. On the web page detailing the process, it is even explained that an Android phone or a device like a Flipper Zero can also work to hack the locks in question.
A flaw that could take years to fix
If Dormakaba was alerted to this vulnerability in September 2022, it took the company almost a year to find a satisfactory fix. Small problem, if this fix does not require, in most cases, a change of hardware, it must still be deployed in each hotel with a technician capable of working on each of the locks.
Currently, only 36% of locks have been upgraded and deploying a fix could still take months or even years.
Source: Wired
0