A crucial security flaw has been revealed in an estimated three million RFID locks utilized in hotels and homes globally. This vulnerability impacts a range of Dormakaba Saflok products present in 131 countries. Regrettably, only 36 percent of the affected locks have been rectified, leaving the rest susceptible to unauthorized access.
The affected products include several popular lines such as the Confidant, Quantum, Saffire, Saflok MT, and Saflok RT series. Furthermore, management software like Ambiance, Community, and System 6000 have also been flagged as part of the vulnerability issue. Addressing this security flaw is not a simple software patch; it requires a comprehensive hardware upgrade involving the replacement or upgrading of the locks, management software, card encoders, and keycards.
The security loophole lies in the potential for ill-intentioned individuals to gain entry using one single card, whether expired or active, to create a master NFC key. This key can bypass protections on all Saflok doors throughout a property. With minimal effort, it’s possible to craft an NFC key that could be housed on a variety of media, from a MIFARE Classic card to an Android phone with NFC capabilities.
Researchers upon discovering the flaw indicated that codes and tools to exploit this vulnerability are easily discoverable online, which raises serious concerns about the security of these locks.
For those wanting to identify whether an upgraded lock is in use, it is not possible to tell by appearance alone. However, you can use an NFC card reader to ascertain the type of card used. Secure premises typically use MIFARE Ultralight C cards, while the MIFARE classic cards are associated with vulnerable systems.
Given the simplicity with which someone could create a universal key to access these locks, it’s advised to adopt additional security measures. Guests and residents should consider reinforcing their door with a secondary physical lock, such as a portable door bar, and ensure personal safety with protective devices like pepper spray, especially in locations where the RFID locks have not been updated.
Understanding the severity of this risk is crucial for hotel operators and homeowners who prioritize the security of their premises and the safety of their guests. It has become a matter of urgency to look into alternative security measures and plan for necessary upgrades to the affected Dormakaba Saflok systems to maintain a secure environment.
