A group of security researchers has disclosed a vulnerability in three million Dormakaba Saflok RFID locks that they first discovered in 2022 and reported to Dormakaba. This vulnerability affects locks used in hotels and homes across 131 countries, and Dormakaba has only fixed 36% of the locks to prevent illegal entry.
Vulnerable door locks include the Confidant series, Quantum series, Saffire series, Saflok MT series, and Saflok RT series. Management software, including the Ambiance, Community, and System 6000 series, is also affected. The only fix is to replace or upgrade the door locks, management software, card encoders, and all keycards.
Criminals need access to only one card from the premises, expired or active, to create a working NFC key that can open all Saflok doors on the property. This NFC key can reside on a MIFARE Classic card, a pocket NFC wireless tool, or any Android phone with NFC. A quick search for the vulnerable aspects of the Saflok system brings up code for tools that read the KDF key and do further calculations, so Pandora's box has been opened.
Upgraded locks cannot be visually identified; however, the researchers suggest using an NFC card reader to identify the type of card used on the premises (MIFARE Ultralight C cards are secure, MIFARE Classic cards are vulnerable).
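One way to script that card-type check, as an added example (not code from the researchers or Dormakaba): it parses the ATQA and SAK fields from reader output in the style of libnfc's `nfc-list` and flags MIFARE Classic cards. The sample output is constructed, and the SAK/ATQA values are the standard NXP identification values, assumed here rather than taken from the article.

```python
import re

# Standard NXP SAK values for MIFARE Classic (an assumption, not from the article).
CLASSIC_SAK = {0x08: "MIFARE Classic 1K", 0x09: "MIFARE Classic Mini",
               0x18: "MIFARE Classic 4K", 0x19: "MIFARE Classic 2K"}
FIELD = re.compile(r"^\s*(ATQA|SAK)\s*(?:\([^)]*\))?\s*:\s*((?:[0-9a-fA-F]{2}\s*)+)$")

def parse_targets(text):
    """Return one {"ATQA": int, "SAK": int} dict per card in the reader output."""
    targets, cur = [], {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        name, value = m.group(1), int("".join(m.group(2).split()), 16)
        if name in cur:  # a repeated field means the next card has started
            targets.append(cur)
            cur = {}
        cur[name] = value
    if cur:
        targets.append(cur)
    return targets

def classify(target):
    """Map a parsed card to (verdict, reason) using the article's rule of thumb."""
    sak, atqa = target.get("SAK"), target.get("ATQA")
    if sak is None:
        return "unknown", "no SAK in reader output"
    if sak in CLASSIC_SAK:
        return "vulnerable-type", CLASSIC_SAK[sak]
    if sak == 0x00 and atqa == 0x0044:
        # SAK/ATQA alone cannot separate Ultralight C from plain Ultralight/NTAG.
        return "confirm-ultralight-c", "MIFARE Ultralight family"
    return "unknown", f"unrecognised SAK 0x{sak:02x}"

# Constructed sample output (UIDs are made up), in the style of libnfc's nfc-list.
SAMPLE = """\
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  04
       UID (NFCID1): de  ad  be  ef
      SAK (SEL_RES): 08
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  44
       UID (NFCID1): 04  11  22  33  44  55  66
      SAK (SEL_RES): 00
"""

if __name__ == "__main__":
    print([classify(card) for card in parse_targets(SAMPLE)])
```

A `confirm-ultralight-c` verdict only places the card in the Ultralight family; a reader or tag-info app that reports the exact product type is needed to confirm it is Ultralight C.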
The ease of creating a master lock key means readers should ensure their doors are physically secured by a second method (such as a portable door bar) and their safety is protected with a defensive weapon (such as pepper spray) if they must stay somewhere with a non-upgraded Saflok RFID lock.