Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide

August 22, 2024 at 01:54PM Cybersecurity researchers discovered a hardware backdoor in a specific model of MIFARE Classic contactless cards, enabling unauthorized access to open hotel rooms and office doors. The backdoor allows compromising user-defined keys and can be executed through a supply chain attack. Consumers using these cards, widely used in hotels across the … Read more

Hotel Check-in Kiosks Expose Guest Data, Room Keys

June 7, 2024 at 12:59PM A software vulnerability in Ariane Systems’ kiosk platform (CVE-2024-37364, CVSS 3.0 score 6.8) allows attackers to access hotel guests’ personal data stored in check-in terminals. The exploit bypasses kiosk mode, enabling access to reservations, invoices, PII, and the ability to create room keys. The manufacturer has released a fix, emphasizing … Read more

Check-in terminals used by thousands of hotels leak guest info

June 5, 2024 at 04:44PM Ariane Systems’ self check-in systems at hotels globally are vulnerable to a kiosk mode bypass flaw, potentially allowing unauthorized access to guests’ personal information and room keys. Despite the researcher’s attempts to alert the vendor, a proper response is pending. Hotel operators are advised to isolate the vulnerable terminals and … Read more

Hotel check-in terminal bug spews out access codes for guest rooms

April 5, 2024 at 08:40AM A self-service check-in terminal at a German hotel leaked room keycodes due to a security flaw. Anyone could access an array of keycodes within minutes, compromising guest safety and security. Accor Security fixed the issue in a month, and dormakaba’s door locks also faced vulnerabilities. Omni Hotels experienced IT issues, … Read more

Cyberattack Causes Disruptions at Omni Hotels

April 4, 2024 at 10:30AM Omni Hotels & Resorts announced a cyberattack prompted system shutdowns on March 29. With operations in 50 upscale North American hotels and around 14,000 employees, the chain has restored most systems and is investigating the event’s scope with external specialists. Though suspected as ransomware, no group has claimed responsibility. Customers … Read more

Hotel Self Check-In Kiosks Exposed Room Access Codes

April 2, 2024 at 10:03AM Pentagrid reported a vulnerability in self check-in kiosks at Ibis Budget hotels, potentially exposing keypad codes used to enter rooms. The vulnerability was found in Germany, but likely impacted other European hotels. Accor, the brand owner, promptly addressed the issue. The flaw could have allowed unauthorized room access, posing a … Read more

Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds

March 29, 2024 at 11:03AM Security researchers have discovered vulnerabilities in Dormakaba’s Saflok RFID locks used in hotels, allowing threat actors to forge keycards and access locked rooms. These flaws impact over three million hotel locks in 131 countries and remain unexploited in the wild. Dormakaba is addressing the issue by updating affected locks. After … Read more

Millions of Hotel Rooms Worldwide Vulnerable to Door Lock Exploit

March 27, 2024 at 04:46PM Hotel locks vulnerable to cyber compromise for decades are now extending into the digital age, posing ongoing security threats. It appears that the discussion in the meeting focused on the long-standing vulnerability of hotel locks to cyber compromises and their continued susceptibility as they transition into the digital age. Full … Read more

3 million doors open to uninvited guests in keycard exploit

March 22, 2024 at 01:10PM Vulnerabilities in Saflok keycard locks, affecting 3 million hotel locks globally, allow intruders to access locked rooms. Exploit requires access to a valid keycard, enabling attackers to create and rewrite data on the lock. Manufacturer is working on a fix, but upgrades are slow. Guests can verify updates with MIFARE … Read more

Unsaflok flaw can let hackers unlock millions of hotel doors

March 21, 2024 at 02:19PM Researchers discovered a series of vulnerabilities, called “Unsaflok,” in Saflok electronic RFID locks deployed in 13,000 properties worldwide, impacting 3 million doors. The flaws allow attackers to unlock any door using forged keycards, posing a serious security risk. Dormakaba is working on mitigations, but the process is complex and time-consuming. … Read more