Unsaflok: Hacking millions of hotel locks

Presented at DEF CON 32 (2024), Aug. 10, 2024, 3:30 p.m. (45 minutes).

Electronic hotel locks have been in use for over three decades and have become an integral part of the hospitality sector. Las Vegas has over 150,000 hotel rooms, many of which use an RFID-based electronic lock for access control. Most hotel guests rely on these locks to safeguard their belongings and their personal safety. However, some of these long-deployed locks have never been publicly scrutinized by the research community. This presentation covers the discovery of vulnerabilities affecting three million dormakaba Saflok locks. The Saflok system relied on a proprietary key derivation function for its MIFARE Classic cards and a proprietary encryption algorithm for the card contents. Reverse engineering the Saflok system allowed us to forge valid keycards: after reading a single, low-privilege guest card, we can create a pair of forged keycards that deactivate the deadbolt and open any room at the property. We reported these vulnerabilities to dormakaba in September 2022; as part of this presentation we will discuss the responsible disclosure and mitigation processes. Additionally, we will demonstrate how you can determine whether your own hotel room has been patched, to help ensure your personal safety.

References:

  1. My Arduino can beat up your hotel room lock (Onity locks) - Cody Brocious - Black Hat 2012
  2. Ghost In The Locks: Owning Electronic Locks Without Leaving A Trace (Vingcard locks) - Tomi Tuominen and Timo Hirvonen - HITBGSEC 2018

Presenters:

  • Lennert Wouters - Security Researcher, Computer Security and Industrial Cryptography (COSIC) at KU Leuven University
    Lennert Wouters is a security researcher at the Computer Security and Industrial Cryptography (COSIC) research group at the KU Leuven University in Belgium. Lennert's main research interests cover hardware security for embedded systems and physical attacks.
  • Ian Carroll - Independent Security Researcher
    Ian Carroll is an independent security researcher and the founder of Seats.aero. Ian's main research interests involve application security, especially in the travel industry.
