Hackers have unveiled a new technique that could compromise the security of millions of hotel rooms worldwide by exploiting a vulnerability in keycard locks, Wired reports.
Ian Carroll, Lennert Wouters, and a team of researchers have revealed their findings, dubbed “Unsaflok,” shedding light on a potential security threat affecting hospitality infrastructure.
The discovery stems from a private event in Las Vegas, where security researchers were invited to hack into a hotel room’s gadgets, including its door lock. By targeting vulnerabilities in Saflok-brand RFID-based keycard locks, the researchers demonstrated a method to open doors in seconds with minimal equipment.
Utilizing weaknesses in both encryption and RFID systems employed by Dormakaba’s Saflok locks, the researchers outlined a process involving the replication of keycards.
This technique, accessible with affordable hardware and minimal technical knowledge, poses a significant risk to hotel security worldwide.
Despite efforts by Dormakaba to address the issue, including informing affected hotels and offering solutions, the vulnerability persists in a significant portion of installed Saflok systems.
The researchers emphasize the importance of raising awareness among hotel guests about the risks associated with these vulnerable locks. They advise guests to remain vigilant and take precautions, such as avoiding leaving valuables unattended and utilizing additional door security measures.
While the full extent of past exploits remains unclear, the researchers suggest that the vulnerability may have existed for years, highlighting the need for proactive security measures in the hospitality industry.
Researchers believe that with only a fraction of locks updated, millions of hotels remain vulnerable to potential exploitation.
