Millions of Saflock Hotel Locks can be Unlocked in Seconds

The feeling of security inside the hotel room was just a sweet illusion.

Every year in August, thousands of cybersecurity professionals gather in Las Vegas for what is informally called "hacker summer camp", the week in which two major information security conferences, Black Hat and DEF CON, are held. At one of these events in 2022, a group of researchers was given an unusual task: hack a Las Vegas hotel room by finding vulnerabilities in every device in it.

The study covered hotel room technology including televisions, telephones and, most importantly, the door locks. A year and a half after the event, the team, which included Ian Carroll and Lennert Wouters, finally presented the result of that work: a method that opens any of millions of hotel room doors around the world in a few seconds.

The method, called "Unsaflok", exploits vulnerabilities in the Saflok brand of locks made by the Swiss company Dormakaba, which are installed on three million hotel doors in 131 countries. The researchers identified weaknesses in both the encryption and the RFID key card system used by these locks, and demonstrated how easily a Saflok lock can be opened as a result.

To open a lock, the team needed only one key card from any room in the target hotel. They read its data with an off-the-shelf RFID reader-writer costing about $300 and then wrote a pair of cards of their own. Tapping the first card against any Saflok lock in that hotel overwrites the data stored in the lock; tapping the second card then opens it.

Dormakaba was informed of the vulnerabilities in November 2022. Since then it has been notifying hotels that use Saflok systems and helping them apply fixes.

Hundreds of hotels have had to reprogram every vulnerable lock by hand, which takes considerable time and effort. Even so, according to Carroll and Wouters, after a year and a half only 36% of installed Saflok systems have been updated. Because of this slow progress, the researchers decided not to keep waiting on the good faith of hotel operators and to disclose the details, so that everyone is aware of the risk.

Saflok locks are not connected to the Internet and cannot update themselves, and some older models need hardware replacement rather than a software fix. A complete remediation in which every Dormakaba customer closes the gap will therefore take a long time. Until then, millions of Saflok locks remain open to this manipulation, which puts the physical safety of many people at risk.

The researchers advise hotel guests who encounter Saflok locks to check their key card with the NFC TagInfo mobile app. If the app reports that the card is a MIFARE Classic tag, there is a high probability that the room lock is still vulnerable. In that case it is advisable not to leave valuables in the room and, while inside, to always engage the additional deadbolt or latch.
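The card check described above boils down to reading the SAK and ATQA values the card returns during ISO/IEC 14443-A selection, which is what NFC TagInfo reports. The following is an added example, not code from the article or from the researchers: it classifies a tag from its SAK byte following the decision rules in NXP application note AN10833 (SAK bit 0x08 set and 0x20 clear means the MIFARE Classic command set with Crypto-1; 0x20 means an ISO 14443-4 card such as DESFire or Plus in SL3; 0x00 means Ultralight/NTAG), and parses the three sample cards embedded below, which are constructed in the text format printed by libnfc's `nfc-list`. No hardware is needed to run it. MIFARE Plus in security level 1 also answers with 0x08/0x18 and is deliberately flagged, because it behaves as a Classic card in that mode.

```python
# Added example (not from the article): identify the MIFARE family of a card
# from its SAK byte, following NXP AN10833, and parse `nfc-list` style output.
# SAMPLE_NFC_LIST is constructed sample data in nfc-list's print format.
from __future__ import annotations
import re

SAMPLE_NFC_LIST = """\
ISO/IEC 14443A (106 kbps) target(s) found:
    ATQA (SENS_RES): 00  04
       UID (NFCID1): 1a  2b  3c  4d
      SAK (SEL_RES): 08
ISO/IEC 14443A (106 kbps) target(s) found:
    ATQA (SENS_RES): 03  44
       UID (NFCID1): 04  11  22  33  44  55  66
      SAK (SEL_RES): 20
ISO/IEC 14443A (106 kbps) target(s) found:
    ATQA (SENS_RES): 00  44
       UID (NFCID1): 04  aa  bb  cc  dd  ee  ff
      SAK (SEL_RES): 00
"""

SAK_ISO14443_4 = 0x20  # card supports ISO/IEC 14443-4 (DESFire, Plus SL3, ...)
SAK_CLASSIC = 0x08     # card answers the MIFARE Classic command set (Crypto-1)
SAK_MINI = 0x01        # with 0x08: MIFARE Mini
SAK_4K = 0x10          # with 0x08: 4K variant; alone: MIFARE Plus SL2


def classify_sak(sak: int) -> tuple[str, bool]:
    """Return (family description, uses_crypto1) for a SAK byte.

    uses_crypto1 is True when the card talks MIFARE Classic, the case the
    NFC TagInfo check in the article warns about.
    """
    classic = bool(sak & SAK_CLASSIC)
    iso4 = bool(sak & SAK_ISO14443_4)
    if classic and iso4:
        return "ISO 14443-4 card with MIFARE Classic emulation (e.g. SmartMX)", True
    if classic:
        if sak & SAK_MINI:
            return "MIFARE Mini (Crypto-1)", True
        size = "4K" if sak & SAK_4K else "1K"
        return f"MIFARE Classic {size} or MIFARE Plus SL1 (Crypto-1)", True
    if iso4:
        return "ISO 14443-4 card (MIFARE DESFire / Plus SL3 / other)", False
    if sak & SAK_4K:
        return "MIFARE Plus SL2 (AES-authenticated, no Crypto-1)", False
    if sak == 0x00:
        return "MIFARE Ultralight / NTAG (no Crypto-1)", False
    return f"unknown SAK 0x{sak:02x}", False


# Match hex bytes on the same line only, so one field never swallows the next.
_ATQA = re.compile(r"ATQA \(SENS_RES\):[ \t]*((?:[0-9a-f]{2}[ \t]*)+)", re.I)
_UID = re.compile(r"UID \(NFCID1\):[ \t]*((?:[0-9a-f]{2}[ \t]*)+)", re.I)
_SAK = re.compile(r"SAK \(SEL_RES\):[ \t]*([0-9a-f]{2})", re.I)


def parse_nfc_list(text: str) -> list[dict]:
    """Parse `nfc-list` style output into one record per detected card."""
    cards = []
    for block in text.split("target(s) found:")[1:]:
        atqa, uid, sak = _ATQA.search(block), _UID.search(block), _SAK.search(block)
        if not (atqa and uid and sak):
            continue  # incomplete record (reader glitch), skip it
        sak_val = int(sak.group(1), 16)
        family, crypto1 = classify_sak(sak_val)
        cards.append({
            "atqa": bytes.fromhex(atqa.group(1)).hex(),  # fromhex skips whitespace
            "uid": bytes.fromhex(uid.group(1)).hex(),
            "sak": sak_val,
            "family": family,
            "crypto1": crypto1,
        })
    return cards


def crypto1_uids(text: str) -> list[str]:
    """UIDs of cards that use Crypto-1, i.e. the ones worth worrying about."""
    return [c["uid"] for c in parse_nfc_list(text) if c["crypto1"]]


if __name__ == "__main__":
    for card in parse_nfc_list(SAMPLE_NFC_LIST):
        flag = "CRYPTO-1" if card["crypto1"] else "ok"
        print(f"UID {card['uid']}  SAK 0x{card['sak']:02x}  {card['family']}  [{flag}]")
```

Run it against the real output of `nfc-list` (or the SAK value NFC TagInfo shows) to get the same verdict the article describes. A Crypto-1 card does not prove the lock is unpatched, but it is the strongest signal a guest can get without touching the lock itself.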

Carroll and Wouters argue that even though only 36% of the vulnerable locks have been fixed, it is better for hotel guests to know about the possible risk than to carry a false sense of security.

Saflok locks have been sold for more than three decades and may have been vulnerable for most of that time, so the absence of any reported malicious use of this technique does not mean it has never been exploited.

All this underlines the need for awareness and vigilance on the part of hotel guests, and the responsibility borne by hotel operators who have been notified of the vulnerability but have not yet fixed it. A year and a half is a long time to leave a known security issue open.

This story is a reminder of the importance of continuous monitoring and timely remediation of vulnerabilities, especially when they affect physical access and the safety of real people.