A team of researchers has discovered a series of vulnerabilities, collectively called “Unsaflok,” that could compromise the security of millions of hotel room doors around the world.
Bad news for guests of thousands of hotels around the world, newly discovered security vulnerabilities affect Saflok RFID electronic locks used in many doors. According to the researchers, by exploiting these vulnerabilities, it is possible to forge key cards to unlock any door in a hotel using the Saflok system.
The consequences of this discovery are considerable: nearly 3 million doors in 13,000 establishments in 131 countries are threatened. The vulnerabilities have existed for more than 36 years, raising concerns about possible undetected exploits in the past. The researchers emphasized that while there are no known cases of malicious use of these vulnerabilities, the possibility cannot be ruled out.
Also read – This site almost offered free flights and luxury hotels for life to pirates
Major security breach affects millions of hotel doors
The attack method involves creating a pair of falsified key cards, which can be done with readily available tools and MIFARE Classic cards. The first card is used to rewrite the lock data and the second to open the door. This process, which would cost less than a few hundred dollars in equipment, would bypass the lock’s security mechanisms.
Dormakaba, the manufacturer of Saflok locks, was informed of the results of the investigation in November 2022 and has been working to develop mitigation measures since then. The company began replacing and upgrading affected locks in November 2023, but today, a large part of the locks remained vulnerable.
The Unsaflok team, which made the discovery, refrained from disclosing technical details to allow time to update the system. In the meantime, hotel staff can monitor entry and exit registers for signs of hacking, although this method is not foolproof for detecting unauthorized access. For their part, guests concerned about the security of their hotel room can use the NFC Taginfo application to check the type of card used by their room lock. If it is a MIFARE Classic card, your door is probably vulnerable.