VULNERABILITIES IN SAFLOK ELECTRONIC LOCKS ALLOW THEM TO BE UNLOCKED

A vulnerability has been disclosed in Saflok electronic locks, which are unlocked by a card with an RFID tag. These locks are used primarily in hotels: approximately 13 thousand hotels worldwide use the System 6000, Ambiance, or Community platforms to control them. An estimated 3 million hotel doors have Saflok locks installed. The vulnerability allows a guest to generate two cards that open every room in the hotel, using information from a card number or an expired card.


An attack exploiting this vulnerability can be carried out with ordinary MIFARE Classic cards, a device for writing such cards, RFID tools such as Proxmark3 and Flipper Zero, and even any Android smartphone with NFC support. The specific exploitation method has not been disclosed yet, but it is known that the vulnerability affects the key derivation function (KDF) used to generate MIFARE Classic keys, as well as the encryption algorithm used to protect data on the cards.

The issue was identified and reported to the lock manufacturer in September 2022. However, only 36% of the vulnerable locks have been updated so far, leaving the remaining 64% still vulnerable. Remediation is slow because each lock needs a firmware update or has to be replaced entirely, and all cards, the control software, and associated components such as payment systems, elevators, parking gates, and barriers have to be updated as well. The Saflok MT and Saflok RT models, as well as the Saflok Quantum, RT, Saffire, and Confidant models, are among those named as susceptible to the vulnerability.
