europetaya.blogg.se

Keywe lock not recognized by app











Vulnerability in KeyWe Smart Locks Could be Exploited by Attackers to Intercept Communications to Steal Key and Unlock Doors

A smart home is a vulnerable home. It is replete with interconnected IoT devices, many with their own known or unknown vulnerabilities and connected to the internet by a router that probably has the original, unchanged default password. Sometimes the connection is via a mobile phone app, often introducing a further weakness.

At this stage in the evolution of smart homes, they have another characteristic: they are almost by definition the abode of wealthy or significant people. This makes the smart home a target for cybercriminals, and - potentially - a target for cyber-savvy physical burglars. The latter is not yet a major crime vector but it is likely to grow.

F-Secure's latest discovery of a design flaw in a smart lock illustrates the dangers. The product is the KeyWe Smart Lock, a remote-controlled entry device primarily used in private dwellings. Users can open and close doors via an app on their mobile phones.

The flaw is not in the lock, but in the communication between the app and the lock. The lock itself is quite strong, including data encryption to prevent unauthorized parties from accessing system-critical information, such as the secret passphrase. Communication between the lock and the controlling app is not so secure. It uses Bluetooth Low Energy over WiFi, and although ostensibly encrypted, there is a flaw in its design: the common key does not change between executions, but it does change with the device address.

"This is a grave mistake!" writes F-Secure Consulting's Krzysztof Marciniak in an associated blog. "As an in-house key exchange is used - with just two values involved - to decrypt all of the communication, one simply needs to intercept the transmission. The common key can then be easily calculated based on the device address."

He says, "Unfortunately, the lock's design makes bypassing these mechanisms to eavesdrop on messages exchanged by the lock and app fairly easy for attackers - leaving it open to a relatively simple attack. There's no way to mitigate this, so accessing homes protected by the lock is a safe bet for burglars able to replicate the hack. All attackers need is a little know-how, a device to help them capture traffic - which can be purchased from many consumer electronic stores for as little as $10 - and a bit of time to find the lock owners."

A sniffing device could be hidden close to the door awaiting the return of the homeowner. The command communicated by the app to the lock could be captured and decrypted, and the attacker could enter the building next time it is vacant - or potentially worse, at night when the occupants are asleep.

At the personal level, the smart home would likely include an actual or metaphorical jewel box of valuables. At the corporate level, the smart homeowner is likely to be a senior executive accustomed to working from home on a computer with some form of connection to at least part of the enterprise network. The attacker now has physical access to this device.

"Security isn't one size fits all," explains Marciniak. "It needs to be tailored to account for the user, environment, threat model, and more. Doing this isn't easy, but if IoT device vendors are going to ship products that can't receive updates, it's important to build these devices to be secure from the ground up."

F-Secure reported the issue to the vendor, who has been responsive in communication with the researchers. "Unfortunately," writes Marciniak, "no firmware upgrade functionality has been included and thus the issue will persist until the device is replaced. Moreover, the next version of the lock will have the firmware upgrade functionality - although no information is available regarding the release date." According to the vendor, new devices will contain a security fix.

Secure by design is a principle that is not yet being applied by all smart device manufacturers. In this instance, security has been designed into the lock, but not into the environment in which it is used. Smart home threats are likely to increase through 2020 and beyond.

The KeyWe smart lock suffers from multiple design flaws resulting in an unauthenticated - potentially malicious - actor being able to intercept and decrypt traffic coming from a legitimate user. This traffic - as described below - can then be used to execute actions (such as opening/closing the lock, denial of service, silencing the lock etc.) on behalf of the owner.

An attacker could exploit this vulnerability by intercepting any legitimate communications to steal the key and unlock the door at any point remotely.

Communication messages between a legitimate application and the lock are transported using Bluetooth Low Energy.












