What began as a challenge parallel to the Black Hat security conferences in 2022 has ended up being a study with very interesting and terrifying results. And a group of researchers has found a method that is capable of violating the security of a model of RFID locks widely used in hotels. And it is estimated that there are more than 3 million units around the world.
Hotel locks that can be opened with an Android phone
Although the issue is quite worrying, we must begin by saying that, as in most of these types of cases, certain requirements and knowledge are needed that are not available to everyone. For that reason, it may not be something to treat with too much concern, but it is interesting to know how with the necessary knowledge, we would be able to open millions of hotel rooms around the world.
The key is in the lock model, since they are the saflok from the Swiss brand Dormakaba those that the researchers were able to force and ended up revealing their vulnerability. It took them a year and a half to perfect the method, but it seems to be completely effective today.
How to do it
For more than obvious reasons, the researchers have not shared the details of the hack, they have simply listed the steps that are carried out to be able to visualize the process in question. First of all, you need get an official hotel key, either by reserving a room or obtaining one of the left-luggage boxes where used ones are deposited after check-out.
With the key obtained, you must take a reading of the same with a device that can cost about 300 euros. The idea is get a specific code which is stored in all keys. With this information, two different cards must be programmed, one that rewrites data in the lock that you want to open, and the other that is responsible for finally opening the door.
The interesting thing is that with the first code, the necessary keys could already be generated, and that is where an Android phone with NFC or a Flipper Zero could simplify and even automate things, something that would also reduce the costs of the process.
An imminent update
Luckily, researchers have been talking to Dormakaba for a long time, and the manufacturer is already working on solving the problem with its customers. Basically all you need is update or replace the control unit so that a technician can update all linked locks from it.
The question we have now is, are there more vulnerable locks? As always, anything that is electronic and intelligent is susceptible to attack, so nothing better than a physical key and a good lock on the inside to avoid problems. Don't you think?
Source: Wired