[...] This week, a group of white hat hackers released the research from an in-depth study into a particular set of security vulnerabilities — known as "Unsaflok," named after the Dormakaba-branded Saflok door locks that they target. The study that resulted in Unsaflok's discovery was originally conducted in a hotel in Las Vegas in 2022; a city that has seen its fair share of brutal cyberattacks like the 2022 MGM casino hack. The vulnerability the researchers discovered is equal parts dangerous and simple: All it takes is a couple of quick taps with an ordinary card key, and anyone could theoretically break into a hotel room.
Saflok locking systems are installed on hotel rooms all over the world; with around 3 million doors in 13,000 properties across 131 countries estimated to have doors installed according to the researchers' disclosed information. Even though all of these doors are in different locations and under different owners, this single exploit could take advantage of every one of them.
The vulnerability revolves around the RFID keycards that the Saflok system reads, which utilize a system called MIFARE Classic. If a hacker were to obtain any two MIFARE keycards, even just from renting out a couple of rooms in a hotel themselves, they could then use a generic RFID read-write device to instantly alter their contents.
[...] The bad news is that, due to the complexity of the systems involved in managing hotel door locks, the process has been slow-going. In addition to individually updating the software in every single lock, all of the relevant keycards need to be reissued, and the front desk management software needs to be overhauled. As of March 2024, only around 36% of the affected Saflok systems have been replaced or updated, according to the researchers' report.
(Score: 3, Interesting) by looorg on Saturday March 23, @07:01PM (1 child)
MIFARE Classic used in a lot of travel cards (bus, subway...) have been busted now for decades. It's a bit of a surprise they keep using it. By now they are practically asking for it.
So just another thing to worry about in the hotel room then beyond what the previous people have been doing in the room before you and how well the room was cleaned. Hope you have a room with a door that opens inwards so you can at least put a large chair in front of the door or something, and hope there isn't a fire in the middle of the night.
This is almost as annoying as that little slot/cardholder on the inside that you have to put your keycard in so you get power to the room. Also conveniently, for the hotel, killing all the power when you leave. No charging batteries or devices for you when not in the room. I guess it's a powersaver for them, and also a nice way of snooping and/or knowing when you are in the room or not. But it's a bit annoying.
I have not really investigated it, have not had the toolkit and multi meter with me to so if you actually need the keycard of you could just put anything in there or bypass it with a dummycard of sorts.
(Score: 2) by sgleysti on Saturday March 23, @07:29PM
In the hotels that I've been in with the keycard activated room power switch, any card of approximately the same size worked to turn on power to the room. It was a simple mechanical switch mechanism.
While they could get fancy with it and require the same RFID card that unlocks the room (or the cleaning staff card), that's a lot of extra cost to stop what I assume is a minority of people from bypassing the system.
(Score: 2) by JoeMerchant on Saturday March 23, @07:58PM
Since the days of Goldfinger when James Bond illustrated the maids' key opening all the rooms, for any sufficiently brash and charming agent...
Mag-stripe keycards are laughably hackable / copyable with the simplest of equipment. Modern key-cards may be a little better, but ultimately the front desk and the maids (and anyone they give access to) have full access...
As far as cool goes, there was a generation of plastic hole-punched keycards I encountered in Denmark back around 1989... they were pretty sweet, I think they had a 6x6 matrix of possible holes for 2^36 possible combinations (no doubt also equipped with skeleton key codes). Super-copyable in this day and age of digital cameras on everybody's phone, but they were 100% mechanical and always worked really well when I used them.
