Hackers could get past any digital door lock this way
A group of cybersecurity experts has uncovered a technique that lets someone with an Android phone unlock millions of hotel rooms across the globe in mere seconds. The hack, dubbed Unsaflok, takes advantage of weaknesses in the Saflok electronic RFID locks produced by Dormakaba, a Swiss-based security company. The vulnerability affects over three million hotel rooms in more than 13,000 establishments across 161 countries. The researchers leveraged shortcomings in Dormakaba's encryption and its RFID system to devise the hack.
Understanding the mechanics of Unsaflok
Exploiting the Unsaflok vulnerability starts with acquiring a keycard from the targeted hotel, which can be done by reserving a room or using a discarded card. With an RFID reader-writer, a code is extracted from the card and two duplicate keycards are produced. When these cards are tapped on the lock, the first one alters part of the lock's data, and the second one grants access.
Android phones streamline the hack
The Unsaflok hack can be streamlined with an Android phone equipped with Near-Field Communication (NFC) technology. With a signal-emitting application installed, the phone can transmit a signal that eliminates the need for two keycards to open the door. As a result, millions of hotel rooms worldwide can be unlocked in just seconds using only a single Android phone.
Dormakaba's response to the Unsaflok vulnerability
In contrast to Onity, which declined to cover costs for lock updates when a similar vulnerability was found in 2012, Dormakaba has taken preemptive measures to tackle the Unsaflok issue. "We have worked closely with our partners to identify and implement an immediate mitigation for this vulnerability, along with a longer-term solution," Dormakaba told WIRED. The Unsaflok team is also collaborating closely with Dormakaba and is withholding full details of the hack from the public to avoid potential misuse.