The Huge Security Hack That Might Make Travelers Feel Less Safe In Hotels
Arthur T Knackerbracket has processed the following story:
[...] This week, a group of white hat hackersreleased the research from an in-depth study into a particular set of security vulnerabilities - known as "Unsaflok," named after the Dormakaba-branded Saflok door locks that they target. The study that resulted in Unsaflok's discovery was originally conducted in a hotel in Las Vegas in 2022; a city that has seen its fair share of brutal cyberattacks like the 2022 MGM casino hack. The vulnerability the researchers discovered is equal parts dangerous and simple: All it takes is a couple of quick taps with an ordinary card key, and anyone could theoretically break into a hotel room.
Saflok locking systems are installed on hotel rooms all over the world;with around 3 million doors in 13,000 properties across 131 countries estimated to have doors installed according to the researchers' disclosed information. Even though all of these doors are in different locations and under different owners, this single exploit could take advantage of every one of them.
The vulnerability revolves around the RFID keycards that the Saflok system reads, which utilize a system called MIFARE Classic. If a hacker were to obtain any two MIFARE keycards, even just from renting out a couple of rooms in a hotel themselves, they could then use a generic RFID read-write device to instantly alter their contents.
[...] The bad news is that, due to the complexity of the systems involved in managing hotel door locks, the process has been slow-going. In addition to individually updating the software in every single lock, all of the relevant keycards need to be reissued, and the front desk management software needs to be overhauled. As of March 2024, only around 36% of the affected Saflok systems have been replaced or updated, according to the researchers' report.
Read more of this story at SoylentNews.