Important Update on Hotel Keycard Security 

In the world of hotels, where the comfort and security of guests are paramount, an intriguing piece of news has emerged, highlighting the importance of staying vigilant about our digital safety. 

Researchers have uncovered a method that could potentially unlock the doors of millions of hotel rooms with just a couple of quick taps. This discovery pertains to certain models of door locks branded as Saflok, which utilise RFID technology—essentially a type of wireless communication used for accessing rooms. 

The essence of this discovery lies in the researchers’ ability to exploit some vulnerabilities in the locks' digital encryption and the RFID technology itself. By obtaining any keycard from a hotel—perhaps one from a previous stay or even a discarded card—a skilled individual could manipulate the data on that card to unlock any door within the same hotel. 

This might sound like something out of a spy movie, but it serves as a reminder of the ever-evolving landscape of cyber threats and the need for constant vigilance and updates to security measures. 

The lock manufacturer, Dormakaba, has been proactive in responding to this discovery. They’ve been working to inform hotels about the vulnerability and to provide solutions that would secure the locks against such exploits. For many locks, the fix involves software updates rather than replacing hardware, meaning updates can be rolled out more quickly to secure doors. 

However, the process of updating every lock worldwide is a monumental task, especially as these locks aren't internet-connected and some may require physical upgrades. This means that, for a while, some doors may remain vulnerable. 

For us, the takeaway is clear: while we trust in the places we stay to keep us secure, it’s also important for us to be aware of the security of our digital keys—our access cards. If staying at a hotel, it’s wise not to leave valuables unattended and to make use of internal locks when inside your room. 

This incident is a powerful reminder of the need for cyber resilience—not just in the spaces we inhabit online but also in the physical world. It underscores why we, at the South West Cyber Resilience Centre, are committed to raising awareness and providing support to ensure everyone is a step ahead of potential threats. 

If this update has you concerned about the digital security of your business, especially if you operate within the hospitality sector, remember that we're here to help. Our team offers a range of services designed to assess and fortify your cyber defences, ensuring you're prepared against the unexpected. 

Find out more about SWCRC.