3 Million Locks In 131 Countries Can Be Opened With An Android Phone’s NFC
You might not know it, but discovering vulnerabilities in software is an industry in its own right, and it is how white hat hackers make their living. As reported by WIRED, security researchers have just unveiled a major vulnerability they found in the Saflok locks made by the Dormakaba brand.
Here’s what the researchers had to do. By getting a card for any of the rooms in a hotel and pairing it with a specific RFID read-write device (not very cheap, so not every random Joe will be doing this), they can read the code of the keycard and write that code to two separate keycards. By tapping those two cards on the lock, one rewrites part of the lock’s code and the other one opens the door. They call this technique Unsaflok (clever). And no, that’s not limited to the door that the keycard was for. It works on every single Saflok in the hotel.
But here’s the thing: you don’t necessarily need to use those two keycards. Suppose you have an Android phone with NFC support (a feature introduced to Android in 2011, which essentially all flagship and mid-range phones have); in that case, you can just download a signal-emitting app, feed it the appropriate code, and it will transmit the necessary signal instead of the keycards. Android phones have supported keyless entry for quite some time, but in a more legitimate fashion.
The kicker? Across 13,000 different establishments in 131 countries, three million hotel rooms are using these Saflok model locks. That means every single one of these rooms is potentially susceptible to this vulnerability, at least until they get patched.
Speaking Of Patches, What Is The Remedy To This Unsafe Revelation?
Well, the good thing is, the hackers who discovered this aren’t out for blood. Instead, they shared their findings with Dormakaba way back in November 2022, and as a result, there’s a fix for the affected locks.
Hotels using Saflok models need to update their front desk software, and a technician needs to reprogram each lock, but this is said to be a quick procedure. However, at the moment, just a bit over one-third of all installed Safloks have been updated appropriately, meaning that millions of these locks across the world can still be hacked in this fashion.
It’s estimated that it’s still going to take several months before the majority of Safloks are patched against this exploit, but thankfully, the full details of the vulnerability were never made public, so guests don’t need to lose (too much) sleep over this yet.