Researchers have unveiled vulnerabilities impacting approximately 3 million Saflok electronic RFID locks found in 13,000 hotels and homes globally, which could potentially enable unauthorized access to any door in a hotel by creating fake keycards.
Discovered by a team of researchers including Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, shell, and Will Caruana in September 2022, these security flaws, dubbed “Unsaflok,” were brought to light during a private hacking event in Las Vegas. At the event, various teams competed to identify vulnerabilities within a hotel room and its associated devices. The researchers focused on scrutinizing the Saflok electronic lock system and uncovered flaws that could compromise the security of any door in the hotel.
After notifying the manufacturer, Dormakaba, of their findings in November 2022, the researchers allowed time for the vendor to address the issues and inform affected hotels without publicizing the matter.
Despite no confirmed instances of exploitation in the wild, the researchers caution that these vulnerabilities have existed for over 36 years, raising concerns about potential misuse. The researchers publicly disclosed the Unsaflok vulnerabilities, alerting the public to their impact on nearly 3 million doors utilizing the Saflok system.
The Unsaflok vulnerabilities involve a series
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: