Security News > 2024 > March > 3 million doors open to uninvited guests in keycard exploit

Around 3 million doors protected by popular keycard locks are thought to be vulnerable to security flaws that allow miscreants to quickly slip into locked rooms.

Security researchers developed an exploit that applies to various Saflok keycard locks made by Swiss security company dormakaba, ones that are prevalent in hotels around the world, as well as properties of multiple occupancy.

The researchers who worked on the exploit, dubbed "Unsaflok," said more than 3 million hotel locks across 131 countries are affected.

Saflok MT and Saflok RT Plus are the most common models people may have encountered on their travels, although all locks using the Saflok system are vulnerable - these include door locks, and the keycard readers used in elevators and parking garages.

It's not just the door locks that need upgrading - the hotel software also needs upgrading, as do the keycard encoders, and the keycards themselves.

Going back to 2012, researchers demonstrated a way to break into Onity locks too during that year's Black Hat event - the same event that saw Unsaflok flaunted in 2022, albeit behind the closed doors of a private security competition to which the researchers were invited.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/22/tap_and_go_straight_to/