Vulnerabilities that allow Saflok electronic locks to be unlocked

Information has been published about a vulnerability in Saflok electronic locks, which are unlocked with an RFID card. The vulnerable lock models are most common in hotels: they are used in approximately 13 thousand hotels worldwide that manage their locks with the System 6000, Ambiance or Community platforms. The total number of hotel doors fitted with Saflok locks is estimated at 3 million. The vulnerability allows a guest, using information from the card for their own room or from the expired card of a guest who has checked out, to generate two cards that act as a master key and open every room in the hotel.

The attack can be carried out not only with standard MIFARE Classic cards and a device for writing such cards, but also with RFID card emulators such as Proxmark3 and Flipper Zero, as well as any Android smartphone with NFC support. Detailed information about the exploitation method has not yet been published. All that is known is that the vulnerability affects the key derivation function (KDF) used to generate keys for MIFARE Classic cards, as well as the encryption algorithm used to protect data on the cards.

The problem was identified and reported to the lock manufacturer back in September 2022. However, only 36% of vulnerable locks have been updated so far, and the remaining 64% are still vulnerable. Remediation is slow because it requires updating the firmware of each lock or replacing the lock, reissuing all cards, updating the management software, and updating related components tied to the cards, such as payment systems, elevators, parking gates and barriers. The lock models in which the vulnerability appears include the Saflok MT and Saflok RT models, as well as the Saflok Quantum, RT, Saffire and Confidant series.

Source: opennet.ru