Imagine walking into a hotel… with two forged cards that open every door. That’s #Unsaflok, explained by Lennert Wouters (COSIC) at the Cybersecurity Industry Day: https://www.youtube.com/watch?v=4hnrGBum_ws
A cascade of flaws put 3M+ Saflok hotel locks in 131 countries at risk.
Cybersecurity Industry Day 2025 - Unsaflok: Hacking Millions of Hotel Locks (Lennert Wouters, COSIC)

YouTube

A few months before the #jo2024, a major vulnerability was discovered in Saflok, a technology used all over the world (mostly in hotels) for room access via #RFID card. It has been dubbed #Unsaflok and is described in detail at https://unsaflok.com/

The patching process began as early as November 2023; the site says 36% of the locks are no longer vulnerable. For those that still are, however, the flaw is quite dramatic:

> An attacker only needs to read one keycard from the property to perform the attack against any door in the property. This keycard can be from their own room, or even an expired keycard taken from the express checkout collection box.

The researchers have not published further information about the vulnerabilities (i.e. no PoC). A WIRED article on the subject: https://www.wired.com/story/saflok-hotel-lock-unsaflok-hack-technique/

Unsaflok

Unsaflok is a series of serious security vulnerabilities in the Saflok brand of hotel locks.

Unsaflok
l+f: "Unsaflok" – insecure hotel door locks

Millions of hotel rooms can be opened with a pair of forged cards. As of March, around a third of the locks have been fixed.

heise online

https://www.schneier.com/blog/archives/2024/03/security-vulnerability-in-safloks-rfid-based-keycard-locks.html

„A team of […] security researchers are revealing a #hotel #keycard hacking technique they call #Unsaflok. The technique is a collection of #security vulnerabilities that would allow a hacker to almost instantly open several models of #Saflok-brand #RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries.“

Security Vulnerability in Saflok’s RFID-Based Keycard Locks - Schneier on Security

"Unsaflok is a series of vulnerabilities that, when chained together, enable an attacker to unlock any room in a property using a pair of forged keycards."

This vulnerability can also unlock deadbolts.

My wife found a device like this to bring to hotel rooms to prevent unauthorized entry: https://www.amazon.com/dp/B0BTTPTPVW?starsLeft=1&ref_=cm_sw_r_cso_sms_apin_dp_144K0NRXC04GA6VW5VFH&th=1.

https://www.bleepingcomputer.com/news/security/unsaflok-flaw-can-let-hackers-unlock-millions-of-hotel-doors/

#infosec #security #doors #locks #safety #Unsaflok

Unsaflok flaws allow to open millions of doors using Dormakaba Saflok electronic locks

A flaw in Dormakaba Saflok electronic locks, dubbed Unsaflok, can allow threat actors to open millions of doors worldwide.

Security Affairs
Unsaflok flaw can let hackers unlock millions of hotel doors

Security vulnerabilities in over 3 million Saflok electronic RFID locks deployed in 13,000 hotels and homes worldwide allowed researchers to easily unlock any door in a hotel by forging a pair of keycards.

BleepingComputer
#Hackers have found vulnerabilities in one of the most widespread keycard systems and can get into millions of hotel rooms around the world. #Unsaflok https://winfuture.de/news,141863.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia
Hackers can open the locks of millions of hotel room doors

Hackers have succeeded in cracking keycard locks from one of the largest vendors in this field. This essentially makes it possible for them to enter any of millions of hotel rooms around the world within seconds.

WinFuture.de

[en] Serious security vulnerabilities in electronic RFID locks from dormakaba

"... identified weaknesses allow an attacker to unlock all rooms in a hotel using a single pair of forged keycards. Over [3m] hotel locks in 131 countries are affected."

"As of 03/2024, ... 36% of the impacted locks have been updated or replaced."

https://unsaflok.com/

#ResearchHighlights #dormakaba #kaba #saflok #unsaflok #privacy #rfid #rfidlock #cybersecurity #ictsecurity #itsecurity #infosec #security
