1 min read

Smart Locks Not So Smart with Wi-Fi Security

Bogdan BOTEZATU

August 10, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Smart Locks Not So Smart with Wi-Fi Security

The rise of online property rental in an increasingly competitive sharing economy has had a severe impact on the adoption of Internet-connected smart locks. Packed with features that allow landlords to issue and revoke access by electronically sharing a token or pin code during booking, intelligent locks have managed to eliminate meeting strangers or using key drops.

Unlike most IoT devices, smart locks are physical security boundaries, products originating from top lock companies are preferred to generic brands. But do these devices made by lock companies that made history in the evolution of the modern lock live up to their digital promise?

This article – part of a series developed in partnership with PCMag – aims to shed light on the security of the world’s best-sellers in IoT. PCMag contacted the research team at Bitdefender and asked us to look at several popular devices, including the August Smart Lock and Connect Wi-Fi Bridge. More information is available in this article published on our partner’s website.

Key findings – CVE-2019-17098

The  Bitdefender  IoT  Vulnerability  Research  Team  discovered  that  the  device  talks  with  the  configuration  application  on the smartphone in an encrypted manner, but the encryption key is hardcoded into the app. This allows a potential attacker within range to eavesdrop on the traffic and intercept the Wi-Fi password. While this attack would NOT allow a hacker to unlock the front door, it would let them mount additional attacks against the home network.

This vulnerability is similar to the one identified in the Ring Video Doorbell Pro.

Download the whitepaper

tags


Author



Right now

Top posts

Vulnerabilities Identified in Wyze Cam IoT Device

Vulnerabilities Identified in Wyze Cam IoT Device

March 29, 2022

1 min read
New FluBot and TeaBot Global Malware Campaigns Discovered

New FluBot and TeaBot Global Malware Campaigns Discovered

January 26, 2022

10 min read
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

December 10, 2021

2 min read
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

November 08, 2021

2 min read
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

September 16, 2021

2 min read
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

New FluBot and TeaBot Global Malware Campaigns Discovered New FluBot and TeaBot Global Malware Campaigns Discovered
Bitdefender

January 26, 2022

10 min read
Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer
Bitdefender

January 19, 2022

2 min read
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand
Bogdan BOTEZATU

November 08, 2021

2 min read