March 22, 2024 at 07:54AM
Security researchers have identified a security vulnerability, named Unsaflok, in Dormakaba’s Saflok electronic locks. This issue impacts over three million locks used in hotels and multi-family housing across 131 countries and allows attackers to forge keycards and open doors. Dormakaba is currently working on patches, but only 36% of affected locks have been fixed to date.
Based on the meeting notes, the key takeaways are as follows:
1. A security vulnerability, named Unsaflok, impacts over three million Dormakaba’s Saflok electronic locks commonly used in hotels and multi-family housing environments across 131 countries. Vulnerable lock models include Saflok MT and the Quantum, RT, Saffire, and Confidant series devices.
2. The vulnerability allows attackers to forge keycards and unlock any door on a property where vulnerable locks are used using a keycard from that property.
3. Dormakaba has started rolling out patches for the vulnerability, but the process is slow and only 36% of affected locks have received the fix to date. The company has prepared self-diagnosis guidance and encourages customers to address the vulnerability as soon as possible.
4. It is recommended for hotel staff to audit the lock’s entry/exit logs via the HH6 device to determine whether the vulnerability has been exploited.
5. While the use of MIFARE Ultralight C cards instead of MIFARE Classic cards means that the hotel has been upgraded, the vulnerability continues to exist in Dormakaba Saflok systems.
Please let me know if you need further information or if there are any other specific details you would like to focus on.