Hackers found a way to unlock 3 million hotel cards in seconds

By | March 24, 2024

Hacking technique reveals vulnerabilities in certain models of Saflok brand RFID-based key card locks used in 131 countries around the world




Getty

Stock image of key card lock

Hackers have discovered a technique that would allow intruders to unlock any of millions of hotel rooms around the world in a matter of seconds.

Ian Carroll and Lennert Wouters, along with a team of other security researchers, disclosed a hotel key card hacking method called Unsaflok, which exposes a series of vulnerabilities that allow a hacker to almost instantly unlock certain models of Saflok-branded RFID key card locks sold by Switzerland-based lock manufacturer Dormakaba, according to Wired.

Saflok key card systems are installed on approximately 3 million doors in 13,000 properties in 131 countries worldwide.

Carroll and Wouters’ technique begins with obtaining any key card from the target hotel, reading a specific code from that card using an RFID read-write device (easily purchased for $300), and then writing two key cards of their own. According to Wired, when they touch these two cards to a lock, the first one rewrites some of the lock’s data and the second card opens it.

“With two quick taps, we open the door,” Wouters, a researcher in the Computer Security and Industrial Cryptography group at KU Leuven University in Belgium, told Wired. “And that goes for every door in the hotel.”

He and Carroll, an independent security researcher and founder of the travel website Seats.aero, shared their hacking techniques with Dormakaba in November 2022. The company has been working for about a year to warn hotels using Saflok about the system’s security flaws and help them repair or replace their locks.

According to Wired, most Saflok systems sold in the past eight years do not require hardware replacement for each lock. To fix the problem, hotels only need to update or replace their front desk management systems and bring in a technician to manually reprogram each door lock.

However, so far there has not been much progress in solving the serious security problem. Wouters and Carroll told Wired they were informed by Dormakaba that only 36% of installed Safloks had been updated as of this month. Dormakaba also told the pair that a full fix would likely take months or longer, especially since the locks are not connected to the internet and some older locks require a hardware upgrade.

The company published detailed information about the vulnerability on March 20, Dormakaba told PEOPLE.

“As soon as we became aware of this vulnerability by a group of external security researchers, we initiated a comprehensive investigation, prioritized developing and rolling out a mitigation solution, and worked to systematically communicate with customers,” the statement said.

The statement continued: “We are not aware of any reported cases of exploitation of this issue to date. In accordance with the principles of responsible disclosure, we are collaborating with researchers to provide broader warning to highlight how current risks associated with legacy RFID technology have evolved so others can take action.”

Meanwhile, Wouters and Carroll say they hope to warn the public about the hacking technique.

“We are trying to find a middle ground of helping Dormakaba fix the issue quickly while also telling guests about it,” Carroll told Wired. “It will be an even bigger problem.”

They told the outlet that in most cases, guests can recognize the affected locks by their distinctive design, which features a round RFID reader with a wavy line running through it. If their door has a Saflok lock, guests can verify whether the lock has been updated by checking their key card with NXP’s NFC Taginfo app. If the lock is made by Dormakaba and the app shows that the key card is still a MIFARE Classic card, it is most likely still vulnerable to hacking.

In this case, Carroll and Wouters advise guests to avoid storing valuables in their rooms and to fasten the door chain while inside. They pointed out to Wired that the deadbolt lock is also controlled by the key card lock, so it wouldn’t provide any additional protection.

“Even if someone locks the deadbolt, it’s still not protected,” Carroll told the outlet.

Read the original article on People.
