2 Comments
Tomi Engdahl says:
BlueSteal: Popping GATT Safes
https://www.twosixlabs.com/bluesteal-popping-gatt-safes/
In this blog post, we will detail BlueSteal, or the ability to exploit multiple security failures in the Vaultek VT20i. These vulnerabilities highlight the need to include security audits early in the product manufacturing process. These vulnerabilities include CVE-2017-17435 and CVE-2017-17436.
Tomi Engdahl says:
KeyWe Smart Lock unauthorized access and traffic interception
https://labs.f-secure.com/advisories/keywe-smart-lock-unauthorized-access-traffic-interception
The KeyWe smart lock suffers from multiple design flaws resulting in
an unauthenticated – potentially malicious – actor being able to
intercept and decrypt traffic coming from a legitimate user. This
traffic – as described below – can then be used to execute actions
(such as opening/closing the lock, denial of service, silencing the
lock etc.) on behalf of the owner. An attacker could exploit this
vulnerability by intercepting any legitimate communications to steal
the key and unlock the door at any point remotely. Communication
messages between a legitimate application and the lock are transported
using Bluetooth Low Energy. Before sending they are encrypted using
AES-128-ECB with a random 2B (two-byte) prefix (functioning as a
replacement for an Initialization Vector) thus disallowing a third
party to easily eavesdrop and tamper with commands originating from
the legitimate parties. The key generation process is, however,
affected by a serious flaw. Read also:
https://www.theregister.co.uk/2019/12/11/f_secure_keywe/ and
https://www.tivi.fi/uutiset/tv/d06ba2bd-3e64-4666-a382-ce5def3c7985
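
The framing described in the quoted advisory text, AES-128-ECB with a random two-byte prefix, leaves each command with only 2^16 possible ciphertexts, so an observer starts seeing repeats after a few hundred messages. The Go example below is added here to make that measurable; it is not code from the advisory, the vendor or the commenter, and the block layout, key and command are constructed assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// seal encrypts one block: 2-byte prefix + zero-padded command (assumed layout;
// the quoted advisory text only says a random 2-byte prefix is used).
func seal(c cipher.Block, prefix [2]byte, cmd []byte) (ct [aes.BlockSize]byte) {
	pt := make([]byte, aes.BlockSize)
	copy(pt, prefix[:])
	copy(pt[2:], cmd)
	c.Encrypt(ct[:], pt) // ECB is the raw block cipher applied per block
	return ct
}

// DistinctCiphertexts counts every ciphertext one command can ever produce.
func DistinctCiphertexts(c cipher.Block, cmd []byte) int {
	seen := map[[aes.BlockSize]byte]bool{}
	for p := 0; p < 1<<16; p++ {
		seen[seal(c, [2]byte{byte(p >> 8), byte(p)}, cmd)] = true
	}
	return len(seen)
}

// MessagesUntilRepeat returns how many random-prefix messages pass before a ciphertext repeats.
func MessagesUntilRepeat(c cipher.Block, cmd []byte) int {
	seen := map[[aes.BlockSize]byte]bool{}
	for n := 1; ; n++ {
		var p [2]byte
		rand.Read(p[:])
		ct := seal(c, p, cmd)
		if seen[ct] {
			return n
		}
		seen[ct] = true
	}
}

func main() {
	c, err := aes.NewCipher([]byte("constructed-key!")) // constructed 16-byte sample key
	if err != nil {
		panic(err)
	}
	cmd := []byte("OPEN") // constructed sample command
	fmt.Println("distinct:", DistinctCiphertexts(c, cmd), "first repeat after:", MessagesUntilRepeat(c, cmd))
}
```

An authenticated mode with a non-repeating nonce (AES-CCM, which BLE link-layer encryption itself uses, or AES-GCM) removes the repeats and also detects tampering.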