Crickets from Chirp Systems in Smart Lock Key Leak

The U.S. government is warning that "smart locks" securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The locks maker Chirp Systems remains unresponsive, even though it was first notified about the critical...

Critical Vulnerabilities Exposed Nuki Smart Locks to a Plethora of Attack Options

By Deeba Ahmed Researchers have identified as many as eleven critical vulnerabilities in different versions of Nuki Smart Locks. The IT… This is a post from HackRead.com Read the original post: Critical Vulnerabilities Exposed Nuki Smart Locks to a Plethora of Attack Options...

Bluetooth Flaw Allows Remote Unlocking of Digital Locks

Locks that use Bluetooth Low Energy to authenticate keys are vulnerable to remote unlocking. The research focused on Teslas, but the exploit is generalizable. In a video shared with Reuters, NCC Group researcher Sultan Qasim Khan was able to open and then drive a Tesla using a small relay device...

Laser-Based Hacking from Afar Goes Beyond Amazon Alexa

Imagine someone hacking into an Amazon Alexa device using a laser beam and then doing some online shopping using that person account. This is a scenario presented by a group of researchers who are exploring why digital home assistants and other sensing systems that use sound commands to perform...

'Unbreakable' Smart Lock Draws FTC Ire for Deceptive Security Claims

The Federal Trade Commission has slapped Tapplock, the maker of smart padlocks that it bills as “unbreakable,” with an official complaint that could lead to fines down the road. The agency alleges that the company engaged in false and deceptive claims about its security practices, after the lock...

Tzumi Electronics Klic Lock Authentication Bypass

CVE-2019-11334 MIT License Copyright c 2019 Kerry Enfinger Python program to unlock any Tzumi Klic smart locks Model 5686 Firmware 6.2 May work on other smart locks Requires valid account email and password from Klic mobile application import argparse import requests import json from subprocess...

Smart Locks: Dumb Security

Dave Lodge and I presented at the BSides Manchester pre-party, aka ‘beersides’ on the subject of not very smart locks. Doubtless you’ve already seen our work on the Tapplock over BLE and the API, our hardware work on the Fipilock, and maybe even our smart lock security interview with hardware.io...

Smart Lock Security: Interview with hardware.io

In advance of the hardware.io event at The Hague next month Andrew Tierney gave them an interview about smart lock security… Technology today has transformed the traditional locks to smart locks. Thanks to the advancement in the technical frontier. The days of the mechanical lock and keys has...

Vulnerability Spotlight: Multiple Vulnerabilities in Samsung SmartThings Hub

These vulnerabilities were discovered by Claudio Bozzato of Cisco Talos. Executive Summary Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub. In accordance with our coordinated disclosure policy, Cisco Talos has worked with Samsung ...

The Logitech smart home management system, the Logitech Harmony Hub vulnerability analysis-vulnerability warning-the black bar safety net

! Recently, fireeye Mandiant Red Team team found that the Logitech smart IOT home management system the Logitech Harmony Hub, the presence of a plurality of available vulnerability, an attacker can exploit these vulnerabilities to bypass system restrictions, through SSH access to the device Syste...

Apple Fixes Flaw Impacting HomeKit Devices

Apple said it has fixed an undisclosed vulnerability in its HomeKit framework that could have allowed unauthorized remote control of HomeKit devices such as smart locks and connected garage door openers. The flaw was first reported by the publication 9to5Mac on Thursday. According to the...

A week in security (October 23 – October 29)

Welcome back to "A week in security." Last week, we took a look at how deleted files can be recovered, explored the BadRabbit ransomware plague attacking Eastern Europe including a deep dive into the code, and talked about what it takes to work in security. One of our researchers, who is a PhD...

Please don’t buy this: smart locks

We all like buying the latest and greatest tech toy. It’s fun to get new and novel features on a product that used to be boring and predictable; a draw of the original BeBox amongst many was a layer of “das blinkenlights” across the front. But sometimes, the latest feature is not always the...

Faulty Firmware Auto-Update Breaks Hundreds of 'Smart Locks'

More features, more problems! Today, we are living in a digital age that is creating a digital headache for people by connecting every other unnecessary home appliance to the Internet. Last week, nearly hundreds of Internet-connected locks became inoperable after a faulty software update hit some...

Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable To MitM Attacks

Sławomir Jasek with research firm SecuRing is sounding an alarm over the growing number of Bluetooth devices used for keyless entry and mobile point-of-sales systems that are vulnerable to man-in-the-middle attacks. Jasek said the problem is traced back to devices that use the Bluetooth Low Energ...