Smart lock design flaw opens the door for attackers

4 Comments

Smart lock

An exploitable design flaw with a smart lock means attackers can easily overcome it and the lock's inability to receive updates means it can't easily be fixed.

Researchers at F-Secure found they were able to exploit poorly designed protocols in the KeyWe Smart Lock to intercept the secret passphrase that controls the lock as it's exchanged between the physical device and the mobile app.

"The lock has several protection mechanisms. Unfortunately, the lock's design makes bypassing these mechanisms to eavesdrop on messages exchanged by the lock and app fairly easy for attackers -- leaving it open to a relatively simple attack. There's no way to mitigate this, so accessing homes protected by the lock is a safe bet for burglars able to replicate the hack," says F-Secure Consulting's Krzysztof Marciniak, a cyber security consultant who helped develop the hack. "All attackers need is a little know-how, a device to help them capture traffic – which can be purchased from many consumer electronic stores for as little as 10 dollars -- and a bit of time to find the lock owners."

The attack is another demonstration of the security challenges facing manufacturers and consumers as IoT devices continue to flood the market.

The KeyWe lock has several security features, including data encryption intended to prevent unauthorized parties from accessing system-critical information, such as the secret passphrase. However, F-Secure has found relatively easy ways to circumvent the system’s security measures. And since the device cannot receive firmware updates, the flaw exploited by the attack cannot be fixed, meaning lock owners will need to replace the lock or live with the risk.

Marciniak recommends individuals consider the security implications of internet-connectivity before replacing their offline devices with online versions, and recommends device vendors perform security assessments on their products as part of their design.

You can find out more on the F-Secure blog.

Image credit: aa-ww/Depositphotos.com

4 Comments

4 Responses to Smart lock design flaw opens the door for attackers

Got News? Contact Us

Recent Headlines

Microsoft eases its foot off the accelerator for Copilot development in Windows 11

Beyond the snapshot: Why continuous risk assessment is essential in today's threat landscape

TUXEDO Stellaris 17 (Gen6): A high-performance portable Linux workstation

New solution helps companies prepare for 90-day TLS standard

Get 'Enterprise Transformation to AI and the Metaverse' (worth $59.99) for FREE

Best Windows apps this week

All you wanted to know about passkeys but were afraid to ask

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.1

78 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

24 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

21 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

18 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

17 Comments

Windows 11 is losing market share to Windows 10

9 Comments

EndeavourOS ARM discontinued: A huge loss for the Linux community

9 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.