Friday, March 22, 2024

This security flaw could let hackers unlock hotel doors across the world by hijacking keycards

Security researchers have found a relatively easy and cheap way to clone the keycards used on three million Saflok electronic RFID locks in 13,000 hotels and homes all over the world. 

The keycard and lock manufacturer, Dormakaba, has been notified, and it is currently working to replace the vulnerable hardware - but it’s a long, tedious process, which is not yet done.

Although first discovered back in 2022, the researchers have disclosed more information on the flaws, dubbed “Unsaflok”, in order to raise awareness.

Cheap card cloning

The flaws were discovered at a private hacking event was set up in Las Vegas, where different research teams competed to find vulnerabilities in a hotel room and all devices inside. A team, consisting of Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, shell, and Will Caruana, focused their attention on the Dormakaba Saflok electronic locks for hotel rooms. Soon enough, they found two flaws which, when chained together, allowed them to open the doors with a custom-built keycard.

First, they needed access to any card from the premises. That could be the card to their own room. Then, they reverse-engineered the Dormakaba front desk software and lock programming device, which allowed them to spoof a working master key which can open any room on the property. Finally, to clone the cards, they needed to break into Dormakaba’s key derivation function.

To forge the keycards, the team used a MIFARE Classic card, a commercial card-writing tool, and an Android phone with NFC capabilities. All of this costs just a few hundred dollars, it was said.

With their custom-built keycard, the team would be able to access more than three million locks, installed in 13,000 hotels and homes all over the world. 

Following the publication of the findings, Dormakaba released a statement to the media, saying the vulnerability affects Saflok systems System 6000, Ambiance, and Community. It added that there is no evidence of these flaws ever being exploited in the wild.

Via BleepingComputer

More from TechRadar Pro



from TechRadar - All the latest technology news https://ift.tt/TyD5KqV

No comments:

Post a Comment

AMD could be plotting a move to include 3D V-cache in its next ThreadRipper CPU — here’s what we know so far

Changes in the BIOS manual of the ASUS TRX motherboard have sparked rumors 3D V-Cache capabilities could be coming to new AMD APUs The...