This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. For an explanation of our Advertising Disclosure, visit this page.
I often write about ways to keep yourself, your loved ones and your valuables safe while traveling. For some background, I’ve traveled over three million miles, to 70+ countries, have stayed in thousands of hotels and haven’t had any major problems like getting my stuff stolen. It’s because I’ve been aware, vigilant and lucky. Heck, even Rick Steves has been pickpocketed three times.
Wired published a disturbing story yesterday titled: Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds. Turns out, every August, there are hacker conferences that take place in Las Vegas. It’s smart of the city to invite them because they’re trying to figure out the vulnerabilities in their infrastructure, including casino and hospitality technology.
Results are just being released from a 2022 private event where a select group of hackers were invited to hack a Vegas hotel room. Unfortunately, they discovered a technique that “would allow an intruder to open any of millions of hotel rooms worldwide in seconds, with just two taps.”
According to Wired, “Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries.”
Gulp.
The good news is that the company has a fix. The bad news is that it’s going to take a few months to get to all of their properties.
Carroll and Wouters say “hotel guests can recognize the vulnerable locks most often—but not always—by their distinct design: a round RFID reader with a wavy line cutting through it. They suggest that if hotel guests do have a Saflok on their door, they can determine if it’s been updated by checking their keycard with the NFC Taginfo app by NXP, available for iOS or Android. If the lock is manufactured by Dormakaba, and that app shows that the keycard is still a MIFARE Classic card, it’s likely still vulnerable.”
This is a lot for the average consumer to do so I think it’s best to follow their other piece of advice if your hotel hasn’t fixed the lock. “There’s not much to do other than avoid leaving valuables in the room and, when you’re inside, bolt the chain on the door.” They warn that the deadbolt on the room is also controlled by the keycard lock, so it doesn’t provide an extra safeguard.
As I’ve pointed out in other stories, you can’t trust the locks, including the safety latch as they can be opened in seconds. That’s why I pack a door stopper and recommend using other devices if you’re really concerned. Read this story about how criminals are using an insider device to break into hotel rooms and see the videos below:
Here’s a demonstration of how easy it is to open a folding latch from the outside:
And here’s an example of a swing bar latch:
KEEP READING:
–Is Your Hotel Scamming You?
–Don’t Fall For It: Scammers Are Pretending to be Customs and Border Protection Agents
–Cybersecurity and Fraud Expert Shares Tips on How Not to Get Scammed When Traveling
–How To Avoid Vacation Rental Scams
–Don’t Fall For These QR Code Scams
Want more travel news, tips and deals? Sign up to Johnny Jet’s free newsletter and check out these popular posts: The Travel Gadget Flight Attendants Never Leave Home Without and 12 Ways to Save Money on Baggage Fees. Follow Johnny Jet on MSN, Facebook, Instagram, Pinterest, and YouTube for all of my travel posts.
Bad people have to much free time on their hands.