Researchers have uncovered a significant security vulnerability named “Unsaflok,” affecting approximately 3 million Saflok electronic locks deployed worldwide across hotels and homes. This flaw potentially enables hackers to unlock any door in 13,000 properties, posing a severe threat to guest safety and security. The vulnerabilities were discovered during a hacking event and disclosed to the manufacturer, Dormakaba, which prompted efforts to address the issue. As of March 2024, however, 64% of the affected locks remain vulnerable.
The series of vulnerabilities within the Saflok electronic lock system, when exploited in tandem, allows attackers to gain unauthorized access by forging keycards. These keycards can be easily created using commercially available tools, presenting a relatively low barrier to entry for potential attackers. Despite Dormakaba’s ongoing efforts to replace and upgrade impacted locks, the complexity of the process poses challenges, leaving a significant portion of the locks susceptible to exploitation.
The widespread impact of the Unsaflok vulnerabilities extends to various Saflok models, including the Saflok MT, Quantum Series, RT Series, Saffire Series, and Confidant Series, managed by System 6000 or Ambiance software. With properties across 131 countries affected, the potential for unauthorized access raises concerns for both guests and hotel staff. Although Dormakaba has been working on remediation since November 2023, it will take time for the majority of properties to complete the necessary upgrades.
To address the immediate security concern, researchers have released only limited information about the vulnerability and urge hotel staff and guests to remain vigilant. While guests can use the NFC Taginfo app to check for vulnerable keycards, active exploitation may still be challenging to detect accurately. As efforts continue to mitigate the Unsaflok threat, ongoing collaboration between security researchers, manufacturers, and property owners is crucial to safeguarding against unauthorized access and ensuring the safety of guests worldwide.