NEWS  Security  March 24, 2024  Reading time: 2 Minute(s)

Max (RS editor)

A group of security researchers has uncovered a vulnerability in millions of Dormakaba Saflok RFID locks, used in hotels and homes all around the world. Despite being reported to Dormakaba, the situation remains dire as only a fraction of the affected locks have been fixed.

The Vulnerability

The vulnerability affects a staggering three million Dormakaba Saflok RFID locks utilized in hotels and homes across 131 countries. Notably, various series of locks, including the Confidant, Quantum, Saffire, Saflok MT, and Saflok RT, are susceptible. Furthermore, management software such as Ambiance, Community, and System 6000 series are also compromised.

The gravity of the situation lies in the ease with which criminals can exploit this vulnerability. Merely obtaining access to one card, whether expired or active, allows the creation of a working NFC key capable of unlocking all Saflok doors within the property. This key can be embedded in various devices, from MIFARE Classic cards to NFC-enabled Android phones, making unauthorized access alarmingly accessible.

The Implications

The implications of this vulnerability are profound. With readily available tools and code circulating online, the barrier to entry for potential intruders is significantly lowered. The compromised security not only jeopardizes the safety of occupants but also poses a severe reputational risk for establishments utilizing Saflok systems.

Mitigation Strategies

As Dormakaba struggles to address the issue comprehensively, users of Saflok RFID locks must take proactive measures to safeguard their premises.

However, identifying upgraded locks can be challenging as they lack visual cues. Researchers suggest employing NFC card readers to distinguish between secure and vulnerable cards, with MIFARE Ultralight C cards considered secure.

In addition to technological measures, physical security enhancements are imperative. Given the ease of creating master keys, users are advised to reinforce door security with secondary mechanisms like portable door bars. Moreover, individuals staying in locations with non-upgraded Saflok RFID locks should prioritize personal safety by carrying defensive weapons such as pepper spray.

 IMAGES CREDITS: DORMAKABA  | COVER IMAGE BY TONODIAZ ON FREEPIK