August 22, 2024 at 01:54PM Cybersecurity researchers discovered a hardware backdoor in a specific model of MIFARE Classic contactless cards, enabling unauthorized access to open hotel rooms and office doors. The backdoor allows compromising user-defined keys and can be executed through a supply chain attack. Consumers using these cards, widely used in hotels across the … Read more
June 7, 2024 at 12:59PM A software vulnerability in Ariane Systems’ kiosk platform (CVE-2024-37364, CVSS 3.0 score 6.8) allows attackers to access hotel guests’ personal data stored in check-in terminals. The exploit bypasses kiosk mode, enabling access to reservations, invoices, PII, and the ability to create room keys. The manufacturer has released a fix, emphasizing … Read more
June 5, 2024 at 04:44PM Ariane Systems’ self check-in systems at hotels globally are vulnerable to a kiosk mode bypass flaw, potentially allowing unauthorized access to guests’ personal information and room keys. Despite the researcher’s attempts to alert the vendor, a proper response is pending. Hotel operators are advised to isolate the vulnerable terminals and … Read more
April 5, 2024 at 08:40AM A self-service check-in terminal at a German hotel leaked room keycodes due to a security flaw. Anyone could access an array of keycodes within minutes, compromising guest safety and security. Accor Security fixed the issue in a month, and dormakaba’s door locks also faced vulnerabilities. Omni Hotels experienced IT issues, … Read more
April 4, 2024 at 10:30AM Omni Hotels & Resorts announced a cyberattack prompted system shutdowns on March 29. With operations in 50 upscale North American hotels and around 14,000 employees, the chain has restored most systems and is investigating the event’s scope with external specialists. Though suspected as ransomware, no group has claimed responsibility. Customers … Read more
April 2, 2024 at 10:03AM Pentagrid reported a vulnerability in self check-in kiosks at Ibis Budget hotels, potentially exposing keypad codes used to enter rooms. The vulnerability was found in Germany, but likely impacted other European hotels. Accor, the brand owner, promptly addressed the issue. The flaw could have allowed unauthorized room access, posing a … Read more
March 29, 2024 at 11:03AM Security researchers have discovered vulnerabilities in Dormakaba’s Saflok RFID locks used in hotels, allowing threat actors to forge keycards and access locked rooms. These flaws impact over three million hotel locks in 131 countries and remain unexploited in the wild. Dormakaba is addressing the issue by updating affected locks. After … Read more
March 27, 2024 at 04:46PM Hotel locks vulnerable to cyber compromise for decades are now extending into the digital age, posing ongoing security threats. It appears that the discussion in the meeting focused on the long-standing vulnerability of hotel locks to cyber compromises and their continued susceptibility as they transition into the digital age. Full … Read more
March 22, 2024 at 01:10PM Vulnerabilities in Saflok keycard locks, affecting 3 million hotel locks globally, allow intruders to access locked rooms. Exploit requires access to a valid keycard, enabling attackers to create and rewrite data on the lock. Manufacturer is working on a fix, but upgrades are slow. Guests can verify updates with MIFARE … Read more
March 21, 2024 at 02:19PM Researchers discovered a series of vulnerabilities, called “Unsaflok,” in Saflok electronic RFID locks deployed in 13,000 properties worldwide, impacting 3 million doors. The flaws allow attackers to unlock any door using forged keycards, posing a serious security risk. Dormakaba is working on mitigations, but the process is complex and time-consuming. … Read more