Skip to content

Saflok keycard locks have a security flaw in their RFID system.

# Security Vulnerability in Saflok’s RFID-Based Keycard Locks

A recent discovery by security researchers has unveiled a serious security vulnerability in Saflok’s RFID-based keycard locks, known as Unsaflok. This technique allows hackers to easily open Saflok-brand RFID-based keycard locks by exploiting weaknesses in both the encryption and the underlying RFID system. With over 3 million doors worldwide equipped with Saflok systems, this vulnerability poses a significant threat to the security of properties in 131 countries.

## The Vulnerability

The Unsaflok technique involves obtaining a keycard from a target hotel, reading a specific code from the card using a $300 RFID read-write device, and then writing two keycards of their own. When these two cards are tapped on the lock, the first card rewrites a piece of the lock’s data, allowing the second card to open it almost instantly. This demonstrates how easily hackers can bypass Saflok’s security measures and gain unauthorized access to locked doors.

## Dormakaba’s Response

Dormakaba, the Swiss lock maker behind Saflok, has been working to address these security flaws by informing hotels of the vulnerabilities and assisting them in updating or replacing the vulnerable locks. While the fix involves updating the front desk management system and reprogramming each lock door by door, only 36 percent of installed Safloks have been updated as of this month. The full implementation of the fix is expected to take months, if not years, to complete, leaving many locks susceptible to exploitation.

## Permanent Vulnerability

It is suggested that for many locks, this security vulnerability may be permanent, as some older installations may require hardware upgrades that could take years to implement fully. This poses a long-term risk to the security of properties using Saflok’s RFID-based keycard locks, highlighting the urgent need for comprehensive security measures to protect against potential hacks.

## Key Points

– The Unsaflok technique exposes a security vulnerability in Saflok’s RFID-based keycard locks, allowing hackers to bypass the locks with ease.
– Dormakaba is working to address the security flaws by assisting hotels in updating or replacing the vulnerable locks.
– Only 36 percent of installed Safloks have been updated as of this month, leaving many properties at risk of exploitation.
– Some older installations may require hardware upgrades, making the security vulnerability potentially permanent.
– Comprehensive security measures are needed to protect properties using Saflok’s RFID-based keycard locks from potential hacks.

In conclusion, the security vulnerability in Saflok’s RFID-based keycard locks poses a significant threat to the security of properties worldwide. With the potential for long-term exploitation and the slow implementation of fixes, it is essential for property owners to take proactive measures to enhance the security of their keycard lock systems.

Leave a Reply

Your email address will not be published. Required fields are marked *