Hackers have found a way to open any of the 3 million hotel key locks in seconds
Hackers have discovered a technique that will allow attackers to unlock any of the millions of hotel rooms around the world in seconds.
Ian Carroll and Lennert Wouters, along with a team of other security researchers, have unveiled a hotel key card hacking method called Unsaflok that exposes a number of security vulnerabilities that allow a hacker to almost instantly unlock certain models of the Saflok RFID brand. The locks are based on card-keys sold by the Swiss lock manufacturer Dormakaba, Wired reports.
Saflok card-key systems are installed on approximately 3 million doors worldwide in 13,000 facilities in 131 countries per outlet.
Carroll and Wouters' technique starts with obtaining any key card from the target hotel, reading a specific code from that card with an RFID reader-writer (which can be easily purchased for $300), and then writing two key cards of their own. According to Wired, when they tap these two cards on the lock, the first overwrites some of the lock's data and the second opens it.
"Two quick taps and we open the door," said Wouters, a researcher in the Computer Security and Industrial Cryptography group at Belgium's KU Leuven University. "And it works on all the doors in the hotel."
In such a situation, Carroll and Wouters advise guests to avoid storing valuables in their room and lock the door chain while they are inside. They noted that the deadbolt is also controlled by a key card lock, so it will not provide additional protection.
As TravelWise reported, a tourist was shocked to learn that the hotel she had booked for a £3,000 family vacation was nine hours away from the airport with no transportation.