By: Tomi Engdahl

Tomi Engdahl — Thu, 12 Dec 2019 07:52:35 +0000

KeyWe Smart Lock unauthorized access and traffic interception
https://labs.f-secure.com/advisories/keywe-smart-lock-unauthorized-access-traffic-interception
The KeyWe smart lock suffers from multiple design flaws resulting in
an unauthenticated – potentially malicious – actor being able to
intercept and decrypt traffic coming from a legitimate user. This
traffic – as described below – can then be used to execute actions
(such as opening/closing the lock, denial of service, silencing the
lock etc.) on behalf of the owner. An attacker could exploit this
vulnerability by intercepting any legitimate communications to steal
the key and unlock the door at any point remotely. Communication
messages between a legitimate application and the lock are transported
using Bluetooth Low Energy. Before sending they are encrypted using
AES-128-ECB with a random 2B (two-byte) prefix (functioning as a
replacement for an Initialization Vector) thus disallowing a third
party to easily eavesdrop and tamper with commands originating from
the legitimate parties. The key generation process is, however,
affected by a serious flaw. Read also:
https://www.theregister.co.uk/2019/12/11/f_secure_keywe/ and
https://www.tivi.fi/uutiset/tv/d06ba2bd-3e64-4666-a382-ce5def3c7985

By: Tomi Engdahl

Tomi Engdahl — Mon, 11 Dec 2017 19:48:56 +0000

BlueSteal: Popping GATT Safes
https://www.twosixlabs.com/bluesteal-popping-gatt-safes/

In this blog post, we will detail BlueSteal, or the ability to exploit multiple security failures in the Vaultek VT20i. These vulnerabilities highlight the need to include security audits early in the product manufacturing process. These vulnerabilities include CVE-2017-17435 and CVE-2017-17436.

Comments on: How to Hack Smart Bluetooth Locks and IoT Devices — Check this Out

By: Tomi Engdahl

By: Tomi Engdahl