Hardware Security Vulnerability Unearthed in RFID Cards Utilized in Hotels and Offices Globally

AndyC 23 August 2024

Aug 22, 2024Ravie LakshmananHardware Security / Supply Chain Breach

A critical vulnerability has been found in a specific type of MIFARE Classic contactless cards that may permit unauthorized access to hotel rooms and office premises through mani

Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide

Aug 22, 2024Ravie LakshmananHardware Security / Supply Chain Breach

Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide

A critical vulnerability has been found in a specific type of MIFARE Classic contactless cards that may permit unauthorized access to hotel rooms and office premises through manipulation of a hardware backdoor.

These exploits are targeted at FM11RF08S, a newer version of MIFARE Classic introduced by Shanghai Fudan Microelectronics in 2020.

“The presence of the FM11RF08S backdoor enables any entity with awareness of it to compromise all user-defined keys on these cards, even when fully diversified, by gaining access to the card for a brief period,” remarked Philippe Teuwen, a researcher at Quarkslab. He explained.

Cybersecurity

Not only is the secret key universally shared among existing FM11RF08S cards, the inquiry confirmed that “the attacks could be carried out immediately by an entity capable of executing a supply chain breach.”

Adding to the complexity, a similar vulnerability has been detected in the predecessor, FM11RF08, which is secured with another key. This vulnerability has been traced back to cards manufactured as early as November 2007.

A refined version of the attack could accelerate the key cracking process by five to six times by partially reverse engineering the nonce generation mechanism.

“The exploit […] enables the instantaneous duplication of RFID smart cards employed to unlock office doors and hotel rooms globally,” the company stated.

“While the backdoor only necessitates a brief physical interaction with a compromised card to launch an attack, a threat actor capable of executing a supply chain breach could carry out such attacks rapidly and on a large scale.”

End-users are advised to verify their susceptibility, especially considering the widespread use of these cards in hotels across the United States, Europe, and India.

Cybersecurity

The backdoor and its key “empowers us to execute new methods to extract and replicate these cards, even in cases where all keys have been correctly diversified,” noted Teuwen. He highlighted.

This is not the first incident where security flaws have been exposed in locking mechanisms used in hotels. Earlier this March, vulnerabilities were discovered in Dormakaba’s Saflok electronic RFID locks, indicating significant weaknesses that could be exploited by malicious actors to forge keycards and access locked doors.

Enjoyed this article? Stay connected with us on Twitter and LinkedIn for more exclusive updates.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability

WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability

AndyC 20 December 2025
Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks

Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks

AndyC 20 December 2025
New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

AndyC 20 December 2025
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

AndyC 19 December 2025
HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

AndyC 19 December 2025
ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

AndyC 19 December 2025

You may have missed

Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

AndyC 20 December 2025
Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

AndyC 20 December 2025
Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

AndyC 20 December 2025
The WAF must die – some interesting thoughts – FireTail Blog

The WAF must die – some interesting thoughts – FireTail Blog

AndyC 20 December 2025
The WAF must die – some interesting thoughts – FireTail Blog

The WAF must die – some interesting thoughts – FireTail Blog

AndyC 20 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.