A serious flaw in hotel locks. All you need to break in is a smartphone
Locks used in thousands of hotels around the world are vulnerable to a very simple attack. You can easily enter any room. All you need is a smartphone.
Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell and Will Caruana are the security experts who discovered a very dangerous vulnerability in Dormakaba Saflok locks. These are used in hotels all over the world and currently allow entry to virtually any room.
How to break into a hotel?
Experts have named this threat Unsaflok. It is not even particularly complicated. To carry it out, you need any key card from the hotel; it may even be expired.
The attacker only needs to read one card from the facility to launch an attack on any door in the hotel. This card could be from their own room or even an expired card taken from the express checkout.
– scientists said.
The counterfeit card can be created on another MIFARE Classic card, a device like Flipper Zero or Proxmark3, or even an Android smartphone with NFC. The attack can be carried out on Saflok MT, Quantum, RT, Saffire and Confidant locks, which are used in approximately 13,000 hotels in 131 countries around the world.
The attack involves reading a specific code from the card and creating a pair of fake key cards, one to reprogram the data on the lock and the other to open it, by breaking Dormakaba's Key Derivation Function (KDF) encryption system. In the next step, thanks to reverse engineering, it is even possible to create a so-called master key, which can be used to open any room in a given facility.
So far, there are no known cases of this method being used, but it cannot be ruled out that someone has already thought of it.