More than 3 million hotel doors open instantly to hackers

More than 3 million hotel doors open instantly to hackers

2024-03-22 17:10:37

The Saflok locksmith manufacturer behind electronic doors has a patch for this vulnerability, but applying this patch can take a long time.

Every year, thousands of security researchers and enthusiasts travel to Las Vegas in August for what is known as “hacker summer camp,” namely the Black Hat and Defcon conferences. .

But it was during a private event organized in 2022 that a group of hand-picked researchers was invited to remotely decode a Las Vegas hotel room.

In a suite crowded with laptops and cans of Red Bull, they competed to find digital flaws in every electronic gadget in the room, from the television to the bedside VoIP phone.

Unsaflok: 3M key cards that can be hacked remotely

After several days focusing on the electronic lock on the bedroom door, more than a year and a half later, they finally revealed the results of their work: a technique they discovered that would allow an intruder to Open any of the world’s millions of hotel rooms in seconds, with just two taps.


Dormakaba

Today, Ian Carroll, Lennert Wouters and a team of other security researchers reveal a hotel key card hacking technique they call Unsaflok. This is a set of security flaws that would allow a hacker to almost instantly open several models of Saflok brand keycard locks, based on RFID technology and sold by Swiss lock manufacturer Dormakaba.

Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries.

“Two quick taps on the lock and we open the door”

By exploiting weaknesses in Dormakaba’s encryption and the underlying RFID system used by it manufacturer based in Rümlang (16,000 employees worldwide), known as MIFARE Classic, Carroll and Wouters demonstrated how easy it was to open a Saflok key card lock.

Their technique begins by obtaining any key card from a target hotel – for example, taking a key card from a box of used cards – then reading a certain code from that card to using a $300 RFID read-write device, and finally by writing two key cards of their own. When they simply tap these two cards on a lock, the first one rewrites part of the lock’s data, and the second one opens it.



More than 3 million hotel doors open instantly to hackers

Dormakaba

“Two quick taps and we open the door,” explains Wouters, a researcher in the computer security and industrial cryptography group at KU Leuven University in Belgium. And it works on all hotel doors. »

All the technical details of their hacking technique with the manufacturer Dormakaba who will update the locks. However, updating older ones will take longer, months or even years.

1711233670
#million #hotel #doors #open #instantly #hackers

Leave a Replay