Vulnerability Identified in the Kwikset Halo Smart Lock

Bitdefender

April 06, 2022

Connected security devices play an important role in the ecosystem of the modern home. They help residents keep an eye on who’s on or near the premises, track temperature and humidity, and, in general, monitor what’s going on at home when they’re not around. As these devices are packed with digital “eyes” and other sensors, vulnerabilities and logic flaws can leave them under the control of cybercriminals who turn them into espionage tools.

As the creator of the world’s first smart-home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities that might affect customers if left unaddressed. This research paper, part of a series developed in partnership with Tom’s Guide, aims to shed light on the security of the world’s best-sellers in the IoT space.

Vulnerability at a glance

An issue in the companion mobile app can expose sensitive device data, such as the authentication token, user info, and the serial number of the smart lock.

Disclosure timeline

  • Nov 09, 2021: Bitdefender contacts the vendor and shares information about the vulnerability
  • Dec 16, 2021: Vendor releases a fix via the Android app update
  • Apr 06, 2022: Bitdefender publishes this report

Mitigation

While the app update fixes this issue, smart home adopters should constantly monitor IoT devices and segregate them from the main local network.

Additionally, IoT users can use the free Bitdefender Smart Home Scanner app to scan for connected devices and to identify and highlight vulnerable ones. IoT device owners should also check for newer firmware and update devices as soon as the vendor releases new versions.

To minimize risks of compromise, smart home users should consider the adoption of a network cybersecurity solution integrated into the router, such as the NETGEAR Orbi or Nighthawk routers powered by Bitdefender Armor.
