Our users’ security is our top priority and we are continuously working to resolve any issues and avoid them in the future.”ĭid you enjoy reading this article? Like our page on Facebook and follow us on Twitter. The company also issued the following statement to CNET:
See: Hackers infect Canon DSLR camera with ransomwareĭespite the researchers’ claim that the firmware cannot be updated, KeyWe states that the issue has been fixed via security patches. However, there is one condition that the attacker should be present within 15 meters range with the app user to intercept the security code. As soon as the app runs, it checks the status of the lock and the attacker can intercept the password. This attack can be performed even when the user hasn’t locked or unlocked their door using the application since the attacker can obtain the secret key if the user runs or opens the mobile app. A log of messages exchanged between the lock and the mobile application – based on the information gained by researchers (Image F-Secure). Their analysis revealed that the company’s implemented security mechanisms for the app and the lock contain a flaw in the key exchange protocol, which is easy to exploit and the secret key used to unlock the device can be exposed.
#MY KEYWE SMART LOCK FORCED ENTRY NOTIFICATION ANDROID#
To perform the research, F-Secure security researchers inspected the hardware and firmware of the lock and the hardware and firmware of the associated KeyWe Bridge that connects the lock to the wireless network and the Android app’s code. This means, the security flaw is difficult to fix. Ironically, the firmware of the latest version of KeyWe cannot be updated. It is worth noting that the design flaw is used mostly to gain remote-controlled entry into private homes and attackers can compromise the lock’s security to enter the residences. “There’s no way to mitigate this, so accessing homes protected by the lock is a safe bet for burglars able to replicate the hack,” added Marciniak.į-Secure researchers also identified that the attack can be pulled off via cheap network sniffing devices as well some costing around $10.
See: Using a laser on Alexa & Google Home hackers can unlock your front door Using a simple attack method, an attacker can get the key to unlock the KeyWe smart lock. This happens due to the lock’s design, explains an F-Secure consultant Krzysztof Marciniak, because the design is such that lets attackers bypass the security mechanism and track the exchange of messages between the app and the lock. If a hacker manages to intercept this traffic, stealing the key to enter the targeted home would be no issue. Published on Wednesday, the vulnerability identified in the smart lock that is marketed as the “smartest lock ever” and sells at $155 on Amazon, is related to the network traffic between the lock’s mobile app and smart lock. The vulnerability allows hackers and thieves to enter your home in the same way as you do. The latest research from Finland-based IT security firm F-Secure provides details about a critical security flaw in the very popular KeyWe Smart Lock GKW-2000D.
0 kommentar(er)
