Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries.
By exploiting weaknesses in both Dormakaba's encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock's data, and the second opens it.
I've never trusted the RFID cards and now hotels ate pushing using your phone as a key! What could possibly go wrong?
I've never trusted the RFID cards and now hotels ate pushing using your phone as a key! What could possibly go wrong?
Never mind hotel doors - more alarming are the smart locks people are installing in their own homes. At some point, society's obsession with the internet and technology is going to backfire in a very bad way, causing people a century from now to wonder WTF we were thinking. At some point the Digital Age will collapse and pave the way for a new Dark Age.
Never mind hotel doors - more alarming are the smart locks people are installing in their own homes. At some point, society's obsession with the internet and technology is going to backfire in a very bad way, causing people a century from now to wonder WTF we were thinking. At some point the Digital Age will collapse and pave the way for a new Dark Age.
Yeah. As convenient as they may seem, I have always been turned off by those locks for personal home use, not only for the reason you note (though I'd imagine the proper security features could help to significantly mitigate) as well as other reasons.
More in line with the subject, we recently stayed at the Regent in Taipei and they had old school, hard keys. Now, I want to be clear that those old school key locks can be easy to pick, too, but--despite the bulkiness of carrying around such a large key--there was a feeling of ease by this setup, though I'm not sure I prefer it to the card entry model all the same.
https://www.wired.com/story/saflok-h...ack-technique/Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries.
Nice of you to post the scare tactic warning, but you left out the part where these same security researchers also noted that "while the vulnerable locks have been commercially available since 1988, they are not aware of real-world attacks exploiting this vulnerability." To determine whether the vulnerability has been exploited, hotel staff can audit the lock’s entry/exit logs, via the HH6 device.
There are many safety and security things to stay vigilant about when traveling, but being concerned about some random person hacking the hotel door lock system and rifling through my possessions when I'm not in my room is not high on my list. If anything, I'd be more concerned about housekeeping or another hotel employee ransacking my room before worrying about some random key card hacker.
Nice of you to post the scare tactic warning, but you left out the part where these same security researchers also noted that "while the vulnerable locks have been commercially available since 1988, they are not aware of real-world attacks exploiting this vulnerability." To determine whether the vulnerability has been exploited, hotel staff can audit the lock’s entry/exit logs, via the HH6 device.
There are many safety and security things to stay vigilant about when traveling, but being concerned about some random person hacking the hotel door lock system and rifling through my possessions when I'm not in my room is not high on my list. If anything, I'd be more concerned about housekeeping or another hotel employee ransacking my room before worrying about some random key card hacker.
Yes, my mother had her Neiman Marcus card stolen by a hotel maid in a 4 star hotel in Houston many years ago.
Yeah. As convenient as they may seem, I have always been turned off by those locks for personal home use, not only for the reason you note (though I'd imagine the proper security features could help to significantly mitigate) as well as other reasons.
If you think of most homes:
1. Keyless door lock, ok hack it/open door but then does the house have an alarm too? Is their a big dog that you meet when you open the door?
2. Could you simply break a window and enter vs. keyless door lock hack?
3. Check the car doors? If not locked is their a garage door opener that will allow you access through the garage? Do you realize you could cut a pizza sized hole in a garage door panel and simply enter the garage. Youtube the "open the garage door trick by pulling the release handle."
After "all this" what are we stealing anyway? What's the "score?" Cash.....nope most people don't carry any anymore. TV's - ehhh is that 85 inch tv worth trying to lift off the wall and then what? Carry it down the street? Guns, jewelry, small electronics? Ehh an Ipad theft could lead the owners right back to you with "find my Ipad."
Home burglary/home invasions are a risky proposition for the thief........justice could come quickly for them if the homeowner is armed! A dozen ways to break into a house, hacking the door lock is not a fear I have.
Never mind hotel doors - more alarming are the smart locks people are installing in their own homes. At some point, society's obsession with the internet and technology is going to backfire in a very bad way, causing people a century from now to wonder WTF we were thinking. At some point the Digital Age will collapse and pave the way for a new Dark Age.
Hotel locks typically aren't online, even if they're 'smart', so it's not really internet-related. If the digital age collapses, it won't be because criminals try to find ways to bypass locks. They've been doing that for many, many centuries.
It's always been an arms race between security and criminals. Now that arms race takes place in the world of computers and code. There's a reason the technology referred to here is called Mifare Classic. It's already been supplanted by more secure technologies.
The biggest problem in this sphere is that many building owners and operators don't wanna spend $ to keep up with advances in technology. But of course one of the initial reasons that buildings switched to such security systems is that they offer many advantages that you traditionally didn't have. One of them being that if a key is lost you don't need to re-key the lock (which traditionally cost hotels a ton of money).
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.
Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
