Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds
Mar 29, 2024
Reverse Engineering / RFID Security
Security vulnerabilities discovered in Dormakaba's Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana. They were reported to the Zurich-based company in September 2022. "When combined, the identified weaknesses allow an attacker to unlock all rooms in a hotel using a single pair of forged keycards," they said . Full technical specifics about the vulnerabilities have been withheld, considering the potential impact, and are expected to be made public in the future. The issues impact more than three million hotel locks spread across 13,00 properties in 131 countries. This includes the models Saflok MT, and Quantum, RT, Saffire, and Confidant series devices, which are used in combination with the System 6000, Ambiance, and Communit