Millions of Hotel Rooms Worldwide Vulnerable to Door Lock Exploit

  /     /     /  
Publicated : 23/11/2024   Category : security


Millions of Hotel Rooms Worldwide Vulnerable to Door Lock Exploit


Hotel locks have been vulnerable to cyber compromise for decades and are extending their run into the digital age.



Researchers have developed a simple exploit capable of unlocking all of the doors at more than 10,000 hotels worldwide.
Saflok-brand RFID-based keycard locks have been around for 36 years. But only in the late summer of 2022 did a team of seven researchers
identify a series of vulnerabilities
that allowed hackers to crack them open, deadbolt and all, using only a customized keycard.
Saflok locks are installed on more than 3 million doors across 13,000 hotels and multi-family housing environments in 131 countries. Dormakaba began rolling out a patch last November but, to implement it, each device needs to be updated one by one. As of this month, just 36% of affected locks have been updated or replaced.
Its the latest problem for an industry facing uniquely difficult security challenges.
Important people stay in hotels, and hotels maintain sensitive data about their guests, notes Lee Clark, manager of cyber threat intelligence production at the Retail and Hospitality ISAC. So if you run a nice hotel, youre up against nation-backed threat actors that are looking, for cyber-espionage purposes, to steal information about important people. And especially for organizations that are attached to gaming facilities, theres a lot of money at stake.
Breaking into unsuspecting travelers hotel rooms requires just a few items.
First: any keycard from the targeted property — your own room key, someone elses, even an expired one in the garbage.
Youll also need another two MIFARE Classic keycards (the kind used by Saflok) to write to, and any one of a number of commercially available products capable of doing that job: a Proxmark3, Flipper Zero, or even an near-field communication (NFC)-capable Android phone.
The team behind Unsaflok are keeping close hold over specifics for now, but the outline of how their attack works is as follows.
First, a code from the hotel card is recorded by the read-write device. Then, the attacker writes to the other two cards. The first custom card, when tapped against a Saflok lock, overwrites a crucial piece of its data, and then the second custom card can be used to unlock the door.
It may take a while for this exploit to be fully stamped out globally. Some connected locks sold in recent years can be updated via a front desk management system. But for the majority of Safloks around the world, the researchers explained, Upgrading each hotel is an intensive process. All locks require a software update or have to be replaced. Additionally, all keycards have to be reissued, front desk software and card encoders have to be upgraded, and third-party integrations (e.g., elevators, parking garages, and payment systems) may require additional upgrades.
Particularly concerned guests can determine whether their hotel room door is vulnerable using the NFC Taginfo app on iOS and Android, which identifies different types of keycards. Updated Saflok locks use MIFARE Ultralight C cards, instead of MIFARE Classic.
As effective as Unsaflok is, Clark notes, Its a new play in an old game — there are a lot of similar methods to unlock electronic locks.
At Black Hat 2019, for example, two members of the Chaos Computer Club
undermined a mobile phone keycard system
used by an EU hotel. Even
more dangerous proofs-of-concept
had been demonstrated much earlier still.
In fact, just a couple of months ago — and not for the first time —
Safloks key derivation function (KDF) was reverse engineered
, opening the door for hackers to read and clone keycards. 
The simplest way to unlock a hotel door, though, is probably with a Flipper Zero. Its an interesting little multitool — it looks like a Game Boy, Clark explains. It can do a number of things that help with penetration testing, and one of the things that it can do is open hotel locks.
And this is all if you dont want to just kick open the door with your foot, right?
In the face of all of these potential threats, though, there is good news.
Hoteliers have plenty of means for protecting guests from potential intruders.
Of course, theres physical security: cameras in hallways, training staff to watch out for suspicious activity, automatic locking mechanisms that trigger a few seconds after a guest opens their door.
Particularly sophisticated hotels can also incorporate security detection into broader building automation management systems, Clark explains, because a smart lock is really just part of a hotels overall [Internet of Things] system, which also involves the stuff for maintaining the temperature and chemical levels in the pool and the spa, temperatures and humidity levels in the hotel rooms, etc.
Securing hotel locks beyond this point, however, can get dicey.
There are a few schools of thought around better securing these locks, Clark notes, for example, by implementing multifactor authentication where possible. That one can be questionable, because youre putting a barrier between the guest and the convenience of easily opening their room. Password protections are another one, but that comes with all the regular risks of potentially weak passwords. A big one lately has been biometric locks — adding a fingerprint or something like that to the locks — but then theres the question of storing that biometric data, which brings up other risks and regulatory issues.
For guests who arent comforted by the existing state of hotel security, there is one way to prevent even the most sophisticated attackers from breaking into your room, at least when youre inside of it: a good old-fashioned chain lock or swing bar.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Millions of Hotel Rooms Worldwide Vulnerable to Door Lock Exploit