Hacking Hotel Locks: The Saflok Vulnerabilities Expanded - Noah Holland, Josh Stiebel

Noah Holland, Josh Stiebel

DEF CON 33 · Day 1 · Main Stage

This talk, "Hacking Hotel Locks: The Saflok Vulnerabilities Expanded," presented by Noah Holland and Josh Stiebel, examines the pervasive security flaws in Dormakaba's Saflok and Sapphire electronic lock systems, building on previous revelations from DEF CON 32. While the original "Unsaflok" presentation highlighted critical vulnerabilities in MIFARE Classic-based systems and the ability to create master keys, Holland and Stiebel demonstrate that the problem is far from resolved. Their research exposes new attack vectors, expands the scope of affected systems to other Dormakaba product lines, and, critically, reveals that even "patched" systems using MIFARE Ultralight C cards remain highly vulnerable if not configured with the highest security settings.

AI review

Holland and Stiebel deliver a technically credible follow-on to Unsaflok that materially expands the threat surface — new attack vectors via HH6, plaintext post-handshake leakage on Ultralight C, and Gen 1 encoder oracle abuse — not just a victory lap on prior work. The scope expansion to Sapphire and residential deployments plus the 'enhanced security' misconfiguration finding give this real staying power beyond the original disclosure. Two undergrads doing this work is either impressive or damning for the vendor, possibly both.
