
The “Unsaflok” Saflok Flaw: What U.S. Hoteliers Should Know

A calm, factual look at the 2024 dormakaba Saflok research, the firmware and key fix that followed, and why your card stock was never the weak link.

American Hotel Cards

In March 2024 security researchers disclosed a set of vulnerabilities, nicknamed "Unsaflok", in dormakaba Saflok electronic locks that use MIFARE Classic credentials. dormakaba responded with lock firmware updates and changes to how keys are derived, and properties remediate by applying those updates to locks, front-desk software and encoders, then reissuing every card. The risk lived in the lock platform's key handling and the aging MIFARE Classic cipher, not in ordinary card stock, which any compatible supplier can provide.

What was actually disclosed

In March 2024 a team of security researchers, including Ian Carroll and Lennert Wouters, publicly disclosed a chain of weaknesses in certain dormakaba Saflok hotel locks. The findings, nicknamed "Unsaflok", had been reported to the manufacturer in November 2022, well over a year before publication. Combined, the weaknesses meant that an attacker who briefly held any card issued by a property, even an expired or discarded guest card, and who had an inexpensive, commercially available RFID reader/writer could derive the keys needed to write a forged credential that affected locks would accept.

The disclosure drew attention because Saflok is widely deployed: the researchers estimated roughly three million doors worldwide, a large share of them in the United States. But two facts are worth holding onto from the outset: the issue was reported to dormakaba ahead of publication so a fix could be prepared, and the underlying weakness sat in the lock platform and its use of the aging MIFARE Classic technology, not in the physical card a hotel buys.

Why MIFARE Classic is part of the story

The affected credentials used MIFARE Classic, a contactless chip family introduced in 1994 that relies on a proprietary stream cipher called Crypto1. Crypto1 was reverse-engineered and publicly broken by academic researchers in 2008; since then, practical attacks that recover a card's sector keys using nothing more than a cheap reader, with no access to the lock's back end, have been well documented. The security community has long treated MIFARE Classic as legacy technology rather than a current best practice.

That context matters because it reframes the headline. "Unsaflok" was not a freak event so much as another demonstration that systems built on MIFARE Classic carry known, age-related risk. The modern alternative, MIFARE DESFire (EV1 and later), uses standard AES encryption with mutual authentication and is not affected by the same class of cipher attack. One caveat a practitioner would add: a stronger chip only helps if the lock platform's key derivation and key management are sound as well. A property key that can be reconstructed from a single card is a weakness regardless of which chip it is written to.

The fix dormakaba issued

dormakaba addressed the disclosure through updates to its lock firmware and changes to how keys are derived and managed, distributed to affected customers. Because the property's key material is shared between the locks, the front-desk system and the card encoders, remediation at a property means updating all three and then reissuing every credential, staff and master cards included, so that cards carrying superseded keys no longer open anything. Until every lock has been updated, the old keys remain valid somewhere on the property, which is why a partial rollout does not close the issue.

For an operator the practical checklist is short but important. On most locks this is a coordinated software and operational update; for some older units the fix is a hardware replacement rather than a firmware update alone, so the first step is finding out which you have. None of it is a reason to panic about the plastic on the front desk.

  • Confirm with dormakaba or your integrator whether your specific Saflok models and firmware are affected, and whether each model needs a firmware update or a hardware replacement.
  • Apply the manufacturer's firmware and key updates across the whole lock fleet, together with the matching updates to the front-desk software and card encoders.
  • Reissue all credentials after remediation, guest, staff and master cards alike, so superseded keys are retired, and track progress until every lock and card has been migrated.
  • For new builds and major refits, ask whether a DESFire/AES-based platform is available.

Why your card stock is not the weak link

It is a common misunderstanding that buying cards from one supplier or another changes a property's exposure to something like Unsaflok. It does not. A blank or custom-printed key card is an unprogrammed credential; the security lives in the lock system, its firmware and the keys your property manages — never in who printed the card body.

A reputable, independent card supplier provides compatible blank or branded stock that your team encodes on your own system. It does not clone secured guest cards and cannot introduce a lock vulnerability. The remediation for Unsaflok is firmware and key management from the lock manufacturer; the cards are simply the medium your platform writes to. What a supplier does have to get right is the chip: if remediation or a platform change moves your locks to a different credential technology, the stock you order afterwards must match what the updated encoders write, so confirm the chip type with the supplier rather than reordering from the old spec.

The measured takeaway for U.S. hoteliers

Unsaflok is best understood not as a scare but as a prompt. If you run affected Saflok locks, coordinate the manufacturer's remediation and reissue your cards. More broadly, treat it as one more data point that MIFARE Classic is aging out, and factor a move toward AES-based DESFire into your next lock decision.

None of this requires alarm at check-in, and none of it changes where you buy your key cards, although it may change which chip you order. It is an operational and platform question, exactly the kind hospitality teams handle every day.

American Hotel Cards is an independent supplier of compatible blank and custom-printed credentials and is not affiliated with, endorsed by or sponsored by any lock manufacturer. Brand names referenced are trademarks of their respective owners. This article is informational and reports on publicly known industry developments.

Put it into practice

Cards specified to your locks, in the material you want

Tell us your lock system and we will spec the exact chip it reads — in plastic, FSC wood, bamboo or recycled stock, custom-printed and shipped blank or pre-encoded to your property.

Email sales@americanhotelcards.com