Ethical hackers expose vulnerabilities in millions of hotel key card locks

Ethical hackers recently uncovered a vulnerability that allows them to forge master keys for millions of hotel locks around the world.

Here's What We Know

Saflok Dormakaba electronic RFID locks, which are widely used in hotels, have been found to have a significant security flaw. This flaw allows hackers to clone hotel keycards and give them access to any room in the building.

The researchers found that most hotels using these locks use System 6000, Ambiance, or Community management software. Attackers can control this exploit (software or a script to detect software vulnerabilities) with any device that can write data to a card, such as an Android phone with NFC. The issue affects millions of hotel rooms in 131 countries.

Although the manufacturer has already fixed the issue, it is difficult to determine whether all affected hotels have already updated their security systems. The locks that have been updated are indistinguishable from the vulnerable ones in appearance, making it difficult to determine which systems have been updated. However, hotels that use MIFARE Ultralight C cards are likely to have already completed the upgrade process.

Source: TechSpot