Hotel Keycard Hack Can Open Guest Rooms

Hacking technique exposes security vulnerabilities of some Saflok-brand RFID-based hotel keycard locks used in more than 130 countries.


Hackers Ian Carroll and Lennert Wouters, along with a team of other security researchers, have discovered a technique that would “enable intruders to unlock any of millions of hotel rooms around the world in just seconds,” according to a recent People report, citing information from Wired.

The hackers recently unveiled a hotel keycard hacking method called Unsaflok, which highlights “the series of security vulnerabilities that would allow a hacker to almost instantly unlock certain models of Saflok-brand RFID-based keycard locks sold by Switzerland-based lock manufacturer dormakaba,” the report says.

Saflok keycard systems are installed on about 3 million doors worldwide at 13,000 properties in 131 countries, according to the report.

The hacking technique unveiled by Carroll and Wouters begins with obtaining any keycard from a target hotel, reading a certain code from that card using an RFID read-write device (purchased for $300), and then writing two keycards of their own.

When users tap those two cards on a lock, the first one rewrites a piece of the lock’s data and the second card opens it, according to Wired.

“Two quick taps and we open the door,” says Wouters, a researcher in the Computer Security and Industrial Cryptography group at Belgium’s KU Leuven University, in the Wired report. “And that works on every door in the hotel.”

Inside the Hotel Keycard Hack

Wouters and Carroll, an independent security researcher and founder of the travel website Seats.aero, shared their hacking technique with dormakaba in November 2022. The company has since been working to “alert hotels that use Saflok of the system’s security flaws and help them fix or replace their locks,” the report says.

No hardware replacement is necessary for the majority of Saflok systems sold in the past eight years, according to the Wired report. To fix the issue, hotels “only need to update or replace their front desk management system and bring in a technician to manually reprogram each door lock,” the report says.

Wouters and Carroll told Wired they were informed by dormakaba officials that only 36% of installed Safloks have been updated, as of this month.

Dormakaba also told the researchers it will likely take “months or longer” to fully remedy the situation, since the locks are not connected to the internet and some older locks require a hardware upgrade, the report says.

In a statement to People, dormakaba said the company published “detailed information about the security vulnerability” on Wednesday, March 20.

“As soon as we were made aware of the vulnerability by a group of external security researchers, we initiated a comprehensive investigation, prioritized developing and rolling out a mitigation solution, and worked to communicate with customers systematically,” the dormakaba statement says.

“We are not aware of any reported instances of this issue being exploited to date,” the statement continues. “Per the principles of responsible disclosure, we are collaborating with the researchers to provide a broader alert to highlight how existing risks with legacy RFID technology are evolving, so that others can take precautionary steps.”


About the Author

Craig MacCormack is a veteran journalist who joined Security Sales & Integration in June 2023 as web editor. He covered AV, IT and security with SSI's sister publication, Commercial Integrator, from January 2011 to June 2021.
