Published information about a vulnerability in Saflok electronic locks that can be unlocked with a card with an RFID tag. Vulnerable lock models are most widely used in hotels and are used in approximately 13,000 hotels worldwide that use the System 6000, Ambiance, or Community platforms to manage locks. The total number of hotel doors with Saflok locks is estimated at 3 million. The vulnerability allows a guest, using information from the card for their room or from an expired card of a guest who has moved out, to generate two cards that serve as a master key, which can be used to open all rooms in the hotel.
To perform an attack, you can use not only standard MIFARE Classic cards and a device for writing such cards, but also RFID card emulators such as Proxmark3 and Flipper Zero, as well as any Android smartphone with NFC support. Detailed information about the method of exploitation has not yet been reported, it is only known that the vulnerability affects the key generation function (KDF, Key Derivation Function) used to generate keys based on MIFARE Classic cards, as well as the encryption algorithm used to protect data on cards.
The problem was identified and reported to the lock manufacturer back in September 2022. However, currently only 36% of vulnerable locks are updated, while the remaining 64% remain vulnerable. Fixing the vulnerability is delayed due to the fact that to fix it, you need to update the firmware of each lock or replace the lock, as well as re-issue all cards, update the management software, and update related components associated with cards, such as payment systems, elevators, parking gates, and barriers. Among the lock models that are affected by the vulnerability, the Saflok MT and Saflok RT models are mentioned, as well as the Saflok Quantum, RT, Saffire and Confidential series.
• Video: https://unsaflok.com/videos/video.webm
To perform an attack, you can use not only standard MIFARE Classic cards and a device for writing such cards, but also RFID card emulators such as Proxmark3 and Flipper Zero, as well as any Android smartphone with NFC support. Detailed information about the method of exploitation has not yet been reported, it is only known that the vulnerability affects the key generation function (KDF, Key Derivation Function) used to generate keys based on MIFARE Classic cards, as well as the encryption algorithm used to protect data on cards.
The problem was identified and reported to the lock manufacturer back in September 2022. However, currently only 36% of vulnerable locks are updated, while the remaining 64% remain vulnerable. Fixing the vulnerability is delayed due to the fact that to fix it, you need to update the firmware of each lock or replace the lock, as well as re-issue all cards, update the management software, and update related components associated with cards, such as payment systems, elevators, parking gates, and barriers. Among the lock models that are affected by the vulnerability, the Saflok MT and Saflok RT models are mentioned, as well as the Saflok Quantum, RT, Saffire and Confidential series.
• Video: https://unsaflok.com/videos/video.webm
