How to Hack Smart Bluetooth Locks and IoT Devices — Check this Out

http://thehackernews.com/2016/09/hacking-bluetooth-locks.html?m=1

Many smart locks are not hacker safe.

2 Comments

  1. Tomi Engdahl says:

    BlueSteal: Popping GATT Safes
    https://www.twosixlabs.com/bluesteal-popping-gatt-safes/

    In this blog post, we will detail BlueSteal, or the ability to exploit multiple security failures in the Vaultek VT20i. These vulnerabilities highlight the need to include security audits early in the product manufacturing process. These vulnerabilities include CVE-2017-17435 and CVE-2017-17436.

    Reply
  2. Tomi Engdahl says:

    KeyWe Smart Lock unauthorized access and traffic interception
    https://labs.f-secure.com/advisories/keywe-smart-lock-unauthorized-access-traffic-interception
    The KeyWe smart lock suffers from multiple design flaws resulting in
    an unauthenticated – potentially malicious – actor being able to
    intercept and decrypt traffic coming from a legitimate user. This
    traffic – as described below – can then be used to execute actions
    (such as opening/closing the lock, denial of service, silencing the
    lock etc.) on behalf of the owner. An attacker could exploit this
    vulnerability by intercepting any legitimate communications to steal
    the key and unlock the door at any point remotely. Communication
    messages between a legitimate application and the lock are transported
    using Bluetooth Low Energy. Before sending they are encrypted using
    AES-128-ECB with a random 2B (two-byte) prefix (functioning as a
    replacement for an Initialization Vector) thus disallowing a third
    party to easily eavesdrop and tamper with commands originating from
    the legitimate parties. The key generation process is, however,
    affected by a serious flaw. Read also:
    https://www.theregister.co.uk/2019/12/11/f_secure_keywe/ and
    https://www.tivi.fi/uutiset/tv/d06ba2bd-3e64-4666-a382-ce5def3c7985

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*