Unsaflok: Hacking millions of hotel locks
Lennert Wouters, Ian Carroll
DEF CON 32 Main Stage · Day 1 · Main Stage
In a groundbreaking presentation at DEF CON 32, security researchers Lennert Wouters and Ian Carroll unveiled "Unsaflok," a critical vulnerability impacting millions of hotel locks manufactured by Dormakaba. Their research exposed a fundamental design flaw in the widely deployed **Safelok system**, allowing an attacker to create a universal master key capable of opening any vulnerable hotel room door, even when secured by an internal deadbolt, by simply reading a single, discarded key card from the property. This vulnerability has persisted in the Safelok system since its inception in 1988, affecting both its original magnetic stripe and subsequent RFID iterations.
AI review
Wouters and Carroll delivered a groundbreaking piece of technical research, exposing a decades-old universal master key vulnerability in millions of Dormakaba Safelok hotel locks. Their meticulous reverse engineering, from proprietary software to cryptographic weaknesses in Mifare Classic cards, allowed them to derive a Property ID from a single discarded key card and craft an 'emergency resequence' card capable of opening any door, even with a deadbolt engaged. This talk is a critical wake-up call for the hospitality industry, demonstrating profound technical depth, immense practical…