Hackers have learned to pick any of the 3 million hotel locks

But these are the good hackers. A critical security flaw has been discovered in millions of hotel room doors around the world. Researchers Ian Carroll, Lennert Wouters and their team presented “Unsaflok”, a technique that exploits weaknesses in Dormakaba's Saflok RFID keycard locks. These locks are installed on approximately 3 million doors in 13,000 hotels in 131 countries. DiscussHackers have learned to open any of the 3 million hotel locks© Ferra

The vulnerability lies in a combination of Dormakaba encryption flaws and the underlying MIFARE Classic RFID systems. Using a $300 RFID reader, attackers can steal data from a legitimate key card and create two new ones. By touching these counterfeit cards to the lock, attackers can overwrite the lock data and gain access.

Although the attack requires physical access to a valid key card, its simplicity raises security concerns. Dormakaba recognizes this problem and has been working with hotels to eliminate vulnerable locks since early 2022.

It may take months, and possibly years, to fully resolve the issue, especially for older locks. systems that require hardware upgrades.