Skip to content Skip to footer

Security Vulnerabilities in Dormakaba’s Saflok Electronic RFID Locks Could Allow Unauthorized Access in Hotels

Security researchers recently discovered critical in Dormakaba's Saflok electronic locks, predominantly used in hotels. These could allow threat actors to access locked rooms by creating forged keycards.

These , collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana, were reported to the Zurich-based company in September 2022. According to the researchers, the identified weaknesses can be combined to unlock all rooms in a hotel using a single pair of forged keycards.

Over three million hotel locks across 13,000 properties in 131 countries are estimated to be impacted by these issues. The affected models include Saflok MT, Quantum, RT, Saffire, and Confidant series devices, typically used with the System 6000, Ambiance, and Community management software.

Despite the potential impact of these , complete technical specifics have been withheld and are expected to be made public in the future. Dormakaba has already begun a rollout process to update or replace the 36% of impacted locks as of March 2024, some of which have been used since 1988.

The attack involves reading a specific code from any keycard used in the property and creating a pair of forged keycards. One keycard is used to reprogram the data on the lock. In contrast, the other is used to open it by cracking Dormakaba's Key Derivation Function (KDF) encryption system. This method can be carried out using any MIFARE Classic card or commercially available read-write tools capable of writing data to these cards, and Proxmark3, Flipper Zero, or even an NFC-capable Android phone can be used in place of the cards.

Reverse engineering the lock programming devices distributed by Dormakaba to hotels and the front desk software for managing keycards is also a crucial step in the attack. This allows the researchers to spoof a working master key that can be used to unlock any room.

It is important to note that there have been no confirmed cases of exploitation of these issues in the wild; however, the researchers do not rule out the possibility of the being discovered or used by others.

Auditing the lock's entry/exit logs can help detect specific attacks. Hotel staff can audit these logs via the HH6 device and look for suspicious entry/exit records. Due to the vulnerability, entry/exit records could be attributed to the wrong keycard or staff member, making it easier to detect any unusual activity.

This discovery follows the finding of three critical security in Electronic Logging Devices (ELDs) commonly used in the trucking industry. This could allow unauthorized control over vehicle systems and manipulate data and vehicle operations. One of the flaws could even lead to a self-propagating truck-to-truck worm, causing widespread disruptions in commercial fleets and posing severe safety consequences.

Overall, these in the Saflok electronic locks used in hotels serve as a reminder of the importance of regularly updating and maintaining systems to prevent potential security breaches.

Leave a comment

Newsletter Signup
Address

The Grid —
The Matrix Has Me
Big Bear Lake, CA 92315

01010011 01111001 01110011 01110100 01100101 01101101 00100000
01000110 01100001 01101001 01101100 01110101 01110010 01100101

Look. This... is all a mistake. I'm just a compound interest program. I work at a savings and loan! I can't play these video games!Crom

Deitasoft © 2024. All Rights Reserved.