(NewsNation) — A vulnerability in a hotel and multifamily housing keycard system would allow someone to unlock each room in a hotel using a single pair of forged keycards, according to a statement from the security researchers who discovered the issue.
The vulnerability impacts more than 3 million hotel locks on more than 13,000 properties in 131 countries.
The security company that owns the locks, Dormakaba, isn’t aware of any instances of the vulnerability being exploited, it said on its website.
A group of security researchers notified the company of potential safety issues in September 2022. Dormakaba began working to fix the issue and upgrade hotels in November 2023. As of March of this year, about 36% of those locks have been updated or replaced.
“As soon as we were made aware of the vulnerability by a group of external security researchers, we initiated a comprehensive investigation and prioritized developing and rolling out a mitigation solution,” Dormakaba said in an official statement posted to its website. “With a mitigation solution available now, customer communication has been initiated.”
The lock system can undo a deadbolt from software and the deadbolt can be overridden by a malicious keycard, according to the researchers. For added safety, hotel guests should use another physical locking device, such as the chain lock found on many hotel doors.
