“The lock has several protection mechanisms. Unfortunately, the lock’s design makes bypassing these mechanisms to eavesdrop on messages exchanged by the lock and app fairly easy for attackers – leaving it open to a relatively simple attack. There’s no way to mitigate this, so accessing homes protected by the lock is a safe bet for burglars able to replicate the hack. All attackers need is a little know-how, a device to help them capture traffic – which can be purchased from many consumer electronic stores for as little as 10 dollars – and a bit of time to find the lock owners.”

IoT security

The security issues F-Secure found in the KeyWe Smart Lock are yet another example of the security challenges manufacturers and consumers have begun to face as IoT devices have flooded the market. According to one recent estimate, there will be 125bn devices connected to the internet by 2025 but as IoT devices see increased adoption, security issues will also arise.

The KeyWe Smart Lock has several useful security features such as data encryption that were implemented to prevent unauthorized parties from accessing system-critical information like the secret passphrase. However, F-Secure Consulting was able to easily circumvent the system's security features.

Unfortunately the device cannot receive firmware updates so owners of the KeyWe Smart Lock will either have to replace the lock or live with the risk of an attacker hacking it to gain access to their home. To prevent falling victim to this attack or similar ones, Marciniak recommends that consumers consider the security implications of internet connected devices before replacing their offline devices with online versions.

The KeyWe smart lock suffers from multiple design flaws resulting in an unauthenticated - potentially malicious - actor being able to intercept and decrypt traffic coming from a legitimate user. This traffic - as described below - can then be used to execute actions (such as opening/closing the lock, denial of service, silencing the lock etc.) on behalf of the owner.

An attacker could exploit this vulnerability by intercepting any legitimate communications to steal the key and unlock the door at any point remotely.

Communication messages between a legitimate application and the lock are transported using Bluetooth Low Energy. Before sending they are encrypted using AES-128-ECB with a random 2B (two-byte) prefix (functioning as a replacement for an Initialization Vector) thus disallowing a third party to easily eavesdrop and tamper with commands originating from the legitimate parties. The key generation process is, however, affected by a serious flaw.

Security of the messaging channel currently used by KeyWe relies on two factors:

- the common key used to initiate the key exchange.
- the app/lock (door) key calculation process

F-Secure has proven that both of those constraints can be overcome. Firstly - the common key is created based on the device bluetooth MAC address available globally, making it trivial to decrypt the first stage of the negotiation. Secondly, the key generation process can be retrieved from the mobile application. It should be noted that the application utilises obfuscation and root detection to protect users from threats targeting their devices. The whole solution, however, can be targeted by a determined attacker that can - and will - overcome such protections regardless of their number and/or quality.

Although the door/key generation is based on a custom algorithm, it can be retrieved - i.e. from the Android library - and reverse engineered at a relatively low cost.

A technical blog post detailing this vulnerability and other features of the lock has been published here.