Android Phones Can Open Almost Any Hotel Room Door, Hackers Say
Hackathon
When invited to hack into a Las Vegas hotel's infrastructure, a group of digital good Samaritans discovered a glaring security issue with its lock system — and more than 18 months later, the company still hasn't fully fixed the problem.
As Wired reports, hackers Ian Carroll and Lennert Wouters discovered the insecurities with RFID-enabled doors made by the Swiss lock company Dormakaba in during a 2022 conference.
As the white-hat hacking team learned, Dormakaba's Saflok keycard lock system, which is installed in a whopping three million hotel rooms in 131 countries around the world, could easily be exploited with an inexpensive RFID read-write device. Install the code gleaned from any used keycard onto two separate ones — one to rewrite a given door's security code and the second to unlock it — and you can easily get in.
If you have an Android equipped with near-field community or NFC capabilities, the process is even easier. By downloading a signal-emitting app, you can use it to emit a signal that does the same thing as the two-card method.
Slow Rolling
By November of 2022, the team behind "Unsaflok" shared their findings with the company, which claimed that it was going to begin updating the system in early 2023.
This many months later, however, Carroll and Wouters say that in updates shared with them earlier in March, the company has only updated 36 percent of its doors to fix the exploit. What's worse, Dormakaba warned them that it may take months or even years, in some cases, to fully address the problem because many of the properties that use its older wares don't have internet-connected locks and therefore can't be remotely patched. Those hotels, the company said, will require an entirely new hardware install.
In a statement provided to the website, the Swiss company maintained that it has "worked closely with our partners to identify and implement an immediate mitigation for this vulnerability, along with a longer-term solution" — but as past precedent shows, waiting may make things worse.
At Vegas' Black Hat conference in 2012, another hacker presented in greater detail a vulnerability with keycard locks created by the firm Onity, which as Wired notes operates a staggering 10 million locks around the world. Onity initially refused to pony up for the necessary hardware upgrades and left mitigation up to hotels — and eventually, people began exploiting the trick to rob rooms.
To avoid a similar problem, the Unsaflok team has opted against revealing every aspect of their discovery to the public.
"We're trying to find the middle ground of helping Dormakaba to fix it quickly, but also telling the guests about it," Carroll told Wired. "If someone else reverse engineers this today and starts exploiting it before people are aware, that might be an even bigger problem."
More on hacks: Hackers Can Spy on Your Chats With Almost Any AI, Experts Find