August 22, 2024 at 01:54PM Cybersecurity researchers discovered a hardware backdoor in a specific model of MIFARE Classic contactless cards, enabling unauthorized access to open hotel rooms and office doors. The backdoor allows compromising user-defined keys and can be executed through a supply chain attack. Consumers using these cards, widely used in hotels across the … Read more
August 20, 2024 at 02:24PM Quarkslab has uncovered a significant backdoor in Shanghai Fudan Microelectronics Group’s contactless cards, enabling instant cloning of RFID smart cards. This vulnerability affects widely-used MIFARE Classic cards and their variants, potentially compromising user-defined keys. Quarkslab urges swift infrastructure checks and risk assessment, as these cards are not limited to the … Read more
June 7, 2024 at 12:59PM A software vulnerability in Ariane Systems’ kiosk platform (CVE-2024-37364, CVSS 3.0 score 6.8) allows attackers to access hotel guests’ personal data stored in check-in terminals. The exploit bypasses kiosk mode, enabling access to reservations, invoices, PII, and the ability to create room keys. The manufacturer has released a fix, emphasizing … Read more
March 29, 2024 at 11:03AM Security researchers have discovered vulnerabilities in Dormakaba’s Saflok RFID locks used in hotels, allowing threat actors to forge keycards and access locked rooms. These flaws impact over three million hotel locks in 131 countries and remain unexploited in the wild. Dormakaba is addressing the issue by updating affected locks. After … Read more
March 21, 2024 at 02:19PM Researchers discovered a series of vulnerabilities, called “Unsaflok,” in Saflok electronic RFID locks deployed in 13,000 properties worldwide, impacting 3 million doors. The flaws allow attackers to unlock any door using forged keycards, posing a serious security risk. Dormakaba is working on mitigations, but the process is complex and time-consuming. … Read more
February 9, 2024 at 02:23PM The Canadian government plans to ban the Flipper Zero and similar devices due to concerns about their potential use by thieves to steal cars. Despite the company’s claims that the device cannot be used to steal modern cars, Canadian authorities are taking steps to prohibit the importation, sale, and use … Read more