Invalidated Overnight: 3 Million Locks, One Exploit
In early 2024, security researchers published the "Unbolt" exploit against the Saflok series by dormakaba. The result: Over 3 million electronic locks in hotels, offices, and data centers worldwide were rendered effectively worthless overnight. Not through brute force. Not through a zero-day in a firewall. But through a standard MIFARE card and a fundamental failure in cryptographic architecture.
The terrifying part of the Saflok case isn't the vulnerability itself—it's that it remained undetected for years because the industry relied on proprietary black-box cryptography. Security through Obscurity is not a strategy. It's an illusion with an expiration date.
What Makes the Saflok Exploit So Dangerous
To understand why the Unbolt attack is so effective, one must know the design decisions of the Saflok architecture. The system relies on offline validation: The access decision is not made by a central server, but by the lock itself—autonomously, based on data stored on the RFID card.
This sounds like a robust, network-independent solution. However, it is precisely this trait that enables the attack—because the lock must know the key to verify the card. And a key that resides in the lock can be extracted.
The attack requires no special hardware, no network access, and no insider knowledge. A standard NFC-capable card and publicly documented knowledge are enough to open any door in the affected system.
Why Proprietary Cryptography Always Loses
The Crypto1 algorithm, upon which MIFARE Classic—and thus the Saflok attack—is based, has been mathematically broken for over 15 years. The flaw was structural from the start: achieving security by keeping the algorithm secret provides no security—only a delay. As soon as a researcher or attacker opens the black box, the entire system collapses.
The counter-principle—open, cryptographically audited standards like AES-128—has been available for decades. Manufacturers who still opt for proprietary approaches are making an active choice against verifiable security.
The Evolution of RFID Security: From UID Cloning to Mutual Authentication
In professional audits, we encounter systems from various generations of RFID technology every day—often within the same building. The spectrum ranges from trivially clonable 125 kHz transponders to the current cryptographic gold standard.
For MIFARE Classic, attacks such as Hardnested or Darkside extract the sector keys in seconds, exploiting the low variance of the card's internal PRNG. This weakness is the basis of the Saflok exploit.
In audits, we regularly find buildings using DESFire EV3 cards—and then transmitting the signal unencrypted over a Wiegand cable to the controller. The card is secure. The chain is not.
Wiegand: The 50-Year-Old Protocol Still Hiding in Your Walls
The Wiegand protocol was developed in the 1970s—for a world without networks, without crypto standards, and without attackers installing hardware implants into readers. It transmits data as simple electrical pulses. No encryption. No integrity check. No tamper detection.
An attacker only needs to dismantle the reader on the exterior wall and install a hardware implant like an ESPKey between reader and cable. From that moment on, all card IDs are logged in plaintext and exfiltrated via Bluetooth or WiFi.
# Implant installed behind exterior reader
Target: Wiegand D0/D1 wires between Reader ↔ Controller
Capture: Card-ID recorded as plaintext bitstream
Exfil: Via BLE/WiFi to attacker device in range
Replay: Stored ID sent during next visit
→ Result: Valid card access without ever holding a physical card
The Solution: OSDP with Secure Channel
The Open Supervised Device Protocol (OSDP v2) is the direct, standardized successor to Wiegand. It was developed by the Security Industry Association (SIA) specifically to address Wiegand's flaws.
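To make the Wiegand weakness and the Secure Channel remedy concrete, here is an added example (not code from the original article or from any vendor): a codec for the standard 26-bit Wiegand frame, a controller that accepts any frame with correct parity, and, beside it, a constructed illustration of what a secure channel adds (a shared key, a sequence counter and a MAC). The "secure frame" is deliberately not OSDP's real packet format; the shared key, the HMAC construction and the credential values are assumptions made for the demonstration.

```python
"""Wiegand 26-bit frame codec beside an illustrative authenticated frame.

Added example for this page. The Wiegand layout is the standard 26-bit format
(even parity, 8-bit facility code, 16-bit card number, odd parity). The
'secure frame' is a constructed illustration of what a Secure Channel adds
(shared key, sequence counter, MAC); it is not OSDP's real packet format."""
import hashlib
import hmac


def wiegand26_encode(facility: int, card: int) -> str:
    """Return the frame as 26 '0'/'1' characters, one per D0/D1 pulse."""
    if not (0 <= facility < 256 and 0 <= card < 65536):
        raise ValueError("facility code is 8 bits, card number 16 bits")
    data = f"{facility:08b}{card:016b}"            # 24 payload bits, sent in the clear
    even = str(data[:12].count("1") % 2)           # leading bit: even parity over first 12 bits
    odd = str((data[12:].count("1") + 1) % 2)      # trailing bit: odd parity over last 12 bits
    return even + data + odd


def wiegand26_decode(bits: str) -> tuple[int, int]:
    """Parse a frame. Parity is the only integrity check the protocol has:
    no key, no MAC, no counter, so a recorded frame decodes exactly like a live one."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("not a 26-bit frame")
    data = bits[1:25]
    if int(bits[0]) != data[:12].count("1") % 2:
        raise ValueError("even parity mismatch")
    if int(bits[25]) != (data[12:].count("1") + 1) % 2:
        raise ValueError("odd parity mismatch")
    return int(data[:8], 2), int(data[8:], 2)


class WiegandController:
    """Grants access to any well-formed frame carrying an authorized credential."""

    def __init__(self, authorized):
        self.authorized = set(authorized)

    def accept(self, bits: str) -> bool:
        try:
            credential = wiegand26_decode(bits)
        except ValueError:
            return False
        return credential in self.authorized


def _tag(key: bytes, counter: int, facility: int, card: int) -> bytes:
    # Constructed MAC: HMAC-SHA256 truncated to 16 bytes over counter + credential.
    return hmac.new(key, f"{counter}:{facility}:{card}".encode(), hashlib.sha256).digest()[:16]


def secure_frame(key: bytes, counter: int, facility: int, card: int) -> tuple:
    """What a reader sharing a key with the controller would send: credential, counter, MAC."""
    return (counter, facility, card, _tag(key, counter, facility, card))


class SecureChannelController:
    """Illustrative counterpart: verifies the MAC and rejects non-increasing counters."""

    def __init__(self, key: bytes, authorized):
        self.key = key
        self.authorized = set(authorized)
        self.last_counter = -1

    def accept(self, frame: tuple) -> bool:
        counter, facility, card, tag = frame
        if not hmac.compare_digest(tag, _tag(self.key, counter, facility, card)):
            return False                           # forged or altered on the wire
        if counter <= self.last_counter:
            return False                           # a frame recorded earlier and sent again
        self.last_counter = counter
        return (facility, card) in self.authorized


def demo() -> dict:
    """Feed the same recorded frame to each controller twice."""
    authorized = {(42, 1234)}                      # constructed credential
    recorded = wiegand26_encode(42, 1234)          # what an implant on D0/D1 would log
    legacy = WiegandController(authorized)
    key = b"constructed-shared-key-16"             # constructed shared key
    secure = SecureChannelController(key, authorized)
    frame = secure_frame(key, 1, 42, 1234)
    return {
        "wiegand_first": legacy.accept(recorded),
        "wiegand_replay": legacy.accept(recorded),   # same bits, same result
        "secure_first": secure.accept(frame),
        "secure_replay": secure.accept(frame),       # counter already seen
    }


if __name__ == "__main__":
    print(wiegand26_encode(42, 1234))
    print(demo())
```

The legacy controller has no way to tell a live card from a recording because the frame carries nothing that changes between presentations; the authenticated variant rejects the second presentation purely on the counter, and a forged credential on the MAC. Real OSDP Secure Channel establishes session keys through a challenge/response handshake rather than the static key assumed here, but the property the page asks for (confidentiality, integrity and replay resistance on the reader-to-controller link) is the same.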
The Physical Access Control Chain – and Where it Breaks
In physical security audits, we never view access control as a single element, but as a chain of seven attack points. A chain is only as strong as its weakest link.
| Layer | Attack Vector | Tool / Method | Risk |
|---|---|---|---|
| Card (LF) | Passive UID cloning from jacket pocket distance | Proxmark3, Flipper Zero, T5577 emulator | CRITICAL |
| Card (HF Classic) | Crypto1 key extraction, sector dump | Hardnested, Darkside attack via Proxmark3 | CRITICAL |
| Protocol (Wiegand) | Hardware implant, replay attack | ESPKey, custom microcontroller implants | CRITICAL |
| Lock Firmware | Offline validation exploit (cf. Saflok) | Reverse Engineering, proprietary key derivation | HIGH |
| Controller Link | Offline lock without real-time blacklist | Revoked card still works until next sync | MEDIUM |
| Card (DESFire EV3) | No known practical attacks | — | LOW |
| OSDP Secure Channel | No known practical attacks | — | LOW |
What a Hardened Access Control Architecture Needs in 2026
- Migrate card standard to DESFire EV2/EV3: Any installation still relying on EM4100, HID Prox, or MIFARE Classic is acutely vulnerable. AES-128 with diversified keys is the minimum standard.
- Replace Wiegand with OSDP v2 (Secure Channel): The most secure card is worthless if the signal behind it is plaintext. For new installations: OSDP only. For legacy: prioritize migration.
- Online connectivity for critical areas: Offline locks cannot reject revoked cards in real-time. Server rooms and high-security zones need online controllers with real-time blacklists.
- Schedule lock firmware audits: The Saflok case shows firmware flaws can go undetected for years. Regular updates and monitoring manufacturer CVEs are mandatory.
- Harden reader mounting against tampering: Exterior readers should use security screws and tamper sensors. A dismantled unit must trigger an immediate alarm.
- Physical Pentest as validation: No manufacturer certificate replaces a real-world test. A structured physical audit uncovers the combinations that look safe on paper but fail in practice.
The complete chain: DESFire EV3 + OSDP Secure Channel + Online Controller + Tamper-resistant housing. Any missing link is an open entry point.
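The two points made above, that an offline lock must itself hold the secret needed to verify a card, and that diversified keys are the minimum card standard, can be shown in one small simulation. This is an added example, not code from the article or from dormakaba or NXP: a challenge/response lock that either shares one key with every card or derives a per-card key from a master key and the card's UID. HMAC-SHA256 truncated to 16 bytes stands in for the AES-CMAC diversification used in DESFire EV2/EV3 deployments so the script needs only the standard library; the message layout, UIDs, keys and application id are constructed assumptions.

```python
"""Offline lock with one shared key versus per-card diversified keys.

Added example for this page. HMAC-SHA256 truncated to 16 bytes stands in for
the AES-CMAC key diversification used with DESFire EV2/EV3 deployments so the
script runs on the standard library; the message layout is an assumption.
UIDs, keys and the application id below are constructed values."""
import hashlib
import hmac
import secrets


def diversify(master_key: bytes, uid: bytes, app_id: bytes) -> bytes:
    """Per-card key = PRF(master, 0x01 || UID || application id). Assumed layout."""
    return hmac.new(master_key, b"\x01" + uid + app_id, hashlib.sha256).digest()[:16]


def _response(key: bytes, uid: bytes, challenge: bytes) -> bytes:
    # Card proves key possession over a fresh challenge; a recorded answer is useless.
    return hmac.new(key, uid + challenge, hashlib.sha256).digest()[:16]


class Card:
    def __init__(self, uid: bytes, key: bytes):
        self.uid, self.key = uid, key

    def answer(self, challenge: bytes) -> bytes:
        return _response(self.key, self.uid, challenge)


class OfflineLock:
    """Decides on its own, as the Saflok design does, so it must hold enough
    secret material to verify any card: the shared card key in the legacy
    setup, the master key in the diversified one."""

    def __init__(self, secret: bytes, app_id: bytes, diversified: bool):
        self.secret, self.app_id, self.diversified = secret, app_id, diversified

    def expected_key(self, uid: bytes) -> bytes:
        return diversify(self.secret, uid, self.app_id) if self.diversified else self.secret

    def open(self, card: Card) -> bool:
        challenge = secrets.token_bytes(16)
        expected = _response(self.expected_key(card.uid), card.uid, challenge)
        return hmac.compare_digest(card.answer(challenge), expected)


def demo() -> dict:
    master = b"constructed-master-key-32-bytes!"
    app_id = b"\x00\x00\x01"
    uid_a = bytes.fromhex("04a1b2c3d4e5f6")
    uid_b = bytes.fromhex("04f6e5d4c3b2a1")

    # Legacy: every card carries the same key (one MIFARE Classic sector key for the whole site).
    shared_lock = OfflineLock(master, app_id, diversified=False)
    card_a = Card(uid_a, master)
    leaked_shared = card_a.key                     # key read out of a single card

    # Hardened: each card carries a key derived from the master and its own UID.
    div_lock = OfflineLock(master, app_id, diversified=True)
    card_a_div = Card(uid_a, diversify(master, uid_a, app_id))
    leaked_div = card_a_div.key                    # key read out of that one card

    return {
        "shared_genuine": shared_lock.open(card_a),
        "shared_leak_any_uid": shared_lock.open(Card(uid_b, leaked_shared)),  # one leak opens every door
        "div_genuine": div_lock.open(card_a_div),
        "div_leak_other_uid": div_lock.open(Card(uid_b, leaked_div)),          # confined to card A's UID
        # The lesson of the Saflok case: if the lock's own master key is extracted,
        # diversification no longer helps, because the lock can derive any card's key.
        "div_lock_master_extracted": div_lock.open(Card(uid_b, diversify(master, uid_b, app_id))),
    }


if __name__ == "__main__":
    print(demo())
```

Diversification limits the blast radius of a compromised card to that card's UID, which is why the checklist calls it the minimum. The last entry in the result shows its limit: an offline lock that derives keys must store the master key, so the lock itself becomes the high-value target, and that is the argument for online controllers in critical zones, where the master key and the revocation list live on the server rather than in every door.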
Conclusion: A Physical Lock is Only as Strong as the Code Controlling It
The Saflok case is not just one manufacturer's failure. It is a symptom of an industry that viewed physical security as a hardware problem—forgetting that hardware is controlled by software, and software depends on algorithms.
In a world where a Proxmark3 costs under $300 and exploits like Unbolt are documented, ignorance is no defense. Physical security is applied cryptography. Ignoring this literally opens doors.
Do you know what protocols are in your walls?
We audit your access control chain—from card to controller—and provide concrete upgrade recommendations.