A team of security experts has discovered a method that allows attackers to open “millions of hotel rooms around the world in a few seconds with just two taps.”
According to Travel Pulse, a group of security experts has named this method of hacking a room key card as Unsaflok. It became possible due to the discovery of a “set of vulnerabilities” in key card locks from the popular Swiss lock manufacturer Dormakaba. It turned out that hackers can almost instantly open several models of such locks based on RFID technology.
More than 3 million hotel room doors worldwide, distributed across 13,000 properties in 131 countries, use Saflok systems. Hackers can exploit vulnerabilities in key encryption and the underlying RFID system. To engage in this type of hacking, attackers first need to obtain a key card from the target hotel by booking a room or simply taking a key from a box of used keys. Hackers then read the code on the card using an RFID reader and writer. Next, they write down two of their cards.
“When they simply touch two cards on the lock, the first one overwrites a certain part of the lock data, and the second one opens it. Two quick touches and we open the door. And this works on every door in the hotel,” the experts explained.
Swiss lock manufacturer Dormakaba is working to eliminate this security problem. Since last year, the company has been trying to reach hotels around the world that rely on Saflok, calling on them to “help fix or replace vulnerable locks.”
To fix this problem, simply update the front desk management system, and then a technician can reprogram the locks on every door in the entire hotel. Although some older locks will still need a hardware upgrade. However, the process of solving this problem in the industry is not moving so quickly. According to the latest data, only 36 percent of Saflok locks have been updated so far.