Do you have such a door lock? Potentially anyone can get around it
Home ›Do you have such a door lock? Potentially anyone can get around it. 12/11/2019 16:04 Do you have such a door lock? Potentially anyone can go around it (photo: KeyWe @ YouTube) Jan Domański
The fact that new vulnerabilities are discovered in different operating systems and smart devices is nothing new. However, it is disturbing that such a basic security as a door lock can also be easily broken.
F-Secure experts have discovered a vulnerability in the KeyWe Smart Lock. The device is a model often used by private individuals who want to automate and supervise the door closing process. They hope that they will be safer, and at the same time they get convenience and greater possibilities than with a traditional castle. Unfortunately, this is a mistake.
Even the door in the house can be hacked easily
Extremely reprehensible is the fact that thanks to such a gap we are no longer safe not only electronically, but also in our own home. Someone with the appropriate technical knowledge (F-Secure experts say that the attack mechanism is relatively simple to reproduce) can easily break into our home and devastate it, steal whatever he wants without noticing, or even attack us while sleeping. In addition, it is quiet - there is no need to break the glass or force the door.
KeyWe Smart Lock
The company responsible for KeyWe Smart Lock used several mechanisms to protect users, but the assumption itself was wrong when designing. The vulnerability allows communication between the user's smartphone and the smart lock itself to be intercepted. Anyone with a bit of technical knowledge and cheap equipment, even for PLN 30 for capturing Bluetooth LE data, can lurk nearby and read sensitive information.
Your home may be smart, but keep it safe too. Prevent hackers from intercepting your data via Bluetooth. If you want to open and close your apartment with a smartphone, then secure it with a Bitdefender product.
The castle was and will be dangerous. It cannot be fixed
The worst part is that the problem is unsolvable. The software of the device cannot be updated, so the manufacturer does not even have the option of releasing an appropriate firmware patch. Anyone who owns such a lock must replace it, or it will potentially be at risk of burglary. We would not be surprised if dissatisfied customers demanded a refund from the manufacturer or if a class action was filed. This is truly a case that cannot be underestimated.
As Krzysztof Marciniak from F-Secure Consulting said:
[quote] When designing such solutions, the model of threats that may affect users should be analyzed. Consider potential attackers, vulnerable components, and other security factors. It is not simple, but necessary - especially when the manufacturer does not provide for the possibility of updating the software. [/ Quote]
We are dealing with such basic equipment as a door lock, and its functioning is crucial for the safety of every human being. In this case, F-Secure has not decided to make public all the details of the KeyWe Smart Lock vulnerability. Then potential criminals would have even less work to circumvent the security of the described device.
