Smart Locks Not So Smart with Wi-Fi Security

Bogdan BOTEZATU

August 10, 2020


The rise of online property rental in an increasingly competitive sharing economy has had a major impact on the adoption of Internet-connected smart locks. Packed with features that allow landlords to issue and revoke access by electronically sharing a token or PIN code during booking, intelligent locks have eliminated the need to meet strangers or use key drops.

Unlike most IoT devices, smart locks are physical security boundaries, so products originating from top lock companies are preferred to generic brands. But do these devices, made by lock companies that made history in the evolution of the modern lock, live up to their digital promise?

This article – part of a series developed in partnership with PCMag – aims to shed light on the security of the world’s best-sellers in IoT. PCMag contacted the research team at Bitdefender and asked us to look at several popular devices, including the August Smart Lock and Connect Wi-Fi Bridge. More information is available in this article published on our partner’s website.

Key findings – CVE-2019-17098

The Bitdefender IoT Vulnerability Research Team discovered that the device talks with the configuration application on the smartphone in an encrypted manner, but the encryption key is hardcoded into the app. This allows a potential attacker within range to eavesdrop on the traffic and intercept the Wi-Fi password. While this attack would NOT allow a hacker to unlock the front door, it would let them mount additional attacks against the home network.

This vulnerability is similar to the one identified in the Ring Video Doorbell Pro.
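A key constant shipped inside an app, as described above, is the kind of defect a release-time check on your own code can catch. The following is an added example, not code from Bitdefender or the vendor: it scans string constants for key-sized, random-looking values, assuming 16-, 24- or 32-byte keys written as hex or base64 literals; the function names and the sample source are constructed for illustration.

```python
import base64
import binascii
import math
import re

KEY_SIZES = {16, 24, 32}  # assumed symmetric key lengths in bytes
LITERAL = re.compile(r'"([A-Za-z0-9+/=]{22,64})"')  # quoted string constants
HEX = re.compile(r"(?:[0-9a-fA-F]{2})+")

# Constructed sample standing in for decompiled app source (not real vendor code).
SAMPLE = '''\
static final String SETUP_KEY = "9f3c1a7be2504d86b1c7e03f5a28d94c";
static final String SERVICE = "WifiProvisioningSetupService";
static final String PAD = "00000000000000000000000000000000";
static final String WRAP = "AAECAwQFBgcICQoLDA0ODw==";
'''

def decodings(literal):
    """Return the byte strings this literal could encode (hex and/or base64)."""
    out = []
    if HEX.fullmatch(literal):
        out.append(bytes.fromhex(literal))
    try:
        out.append(base64.b64decode(literal, validate=True))
    except (binascii.Error, ValueError):
        pass  # not valid base64
    return out

def entropy(data):
    """Shannon entropy in bits per byte; 16 distinct bytes score 4.0."""
    n = len(data)
    return -sum(data.count(b) / n * math.log2(data.count(b) / n) for b in set(data))

def find_hardcoded_keys(source, min_entropy=3.5):
    """Return (line number, literal, key length) for key-sized, random-looking constants."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for match in LITERAL.finditer(line):
            for raw in decodings(match.group(1)):
                if len(raw) in KEY_SIZES and entropy(raw) >= min_entropy:
                    findings.append((lineno, match.group(1), len(raw)))
                    break  # report each literal once
    return findings

if __name__ == "__main__":
    for lineno, literal, size in find_hardcoded_keys(SAMPLE):
        print(f"line {lineno}: possible {size}-byte key constant {literal!r}")
```

Findings are candidates for manual review rather than proof of a key; the entropy threshold trades missed low-variety keys against false positives on ordinary identifiers.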

Download the whitepaper
