There are many hotels around the world that have embraced modern day technology. This includes the use of smart locks which can be unlocked using your phone. This means that hotels no longer need to provide guests with keycards. Unfortunately, it appears that an NFC security flaw has allowed Android phones to open the doors of over a million hotel rooms.
According to a report from WIRED, security researchers have discovered a major vulnerability in the Saflok locks made by Dormakaba. All they had to do was get a card for any of the hotel rooms, pair it with an RFID read-write device, and write the code to separate keycards.
After that, they just need to tap both keycards to the lock. One of the cards will rewrite the lock’s code and the other opens the door. This method can then be transposed to an Android phone with NFC via a signal-emitting app. The good news is that RFID read-write devices isn’t something everyone owns, so not everyone can pull it off.
The bad news is that these Saflok locks are found in over 13,000 establishments across 131 countries around the world. As a result, it is estimated that there are three million hotel rooms that could be susceptible to this hack. Thankfully, there is a fix. The researchers notified the company back in 2022 and a fix is already underway.
The problem is that all these locks have to be reprogrammed individually which means that it could be a while before all these locks have been patched.
Comments