20 matches found
EUVD-2018-13496
Malware in sbrugna...
EUVD-2018-13495
Malware in sbrugna...
CVE-2018-20957
The Bluetooth Low Energy BLE subsystem on Tapplock devices before 2018-06-12 allows replay attacks...
CVE-2018-20958
The Bluetooth Low Energy BLE subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device...
'Unbreakable' Smart Lock Draws FTC Ire for Deceptive Security Claims
The Federal Trade Commission has slapped Tapplock, the maker of smart padlocks that it bills as “unbreakable,” with an official complaint that could lead to fines down the road. The agency alleges that the company engaged in false and deceptive claims about its security practices, after the lock...
CVE-2018-20957
The Bluetooth Low Energy BLE subsystem on Tapplock devices before 2018-06-12 allows replay attacks...
CVE-2018-20957
The Bluetooth Low Energy BLE subsystem on Tapplock devices before 2018-06-12 allows replay attacks...
Design/Logic Flaw
The Bluetooth Low Energy BLE subsystem on Tapplock devices before 2018-06-12 allows replay attacks...
CVE-2018-20957
CVE-2018-20957 affects Tapplock devices, where the Bluetooth Low Energy (BLE) subsystem before 2018-06-12 is vulnerable to replay attacks. The issue, described across multiple sources (NVD entry and related advisories), indicates an access-control/authentication weakness in the BLE bridge enablin...
CVE-2018-20957
The Bluetooth Low Energy BLE subsystem on Tapplock devices before 2018-06-12 allows replay attacks...
Tapplock Bluetooth Low Energy Subsystem Access Control Error Vulnerability
Tapplock is a smart lock.Bluetooth Low Energy BLE subsystem is one of the low power Bluetooth subsystems. An access control error vulnerability exists in the BLE subsystem in versions of Tapplock prior to 2018-06-12, which can be exploited by an attacker to perform a replay attack...
CVE-2018-20958
The Bluetooth Low Energy BLE subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device...
CVE-2018-20958
The Bluetooth Low Energy BLE subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device...
Design/Logic Flaw
The Bluetooth Low Energy BLE subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device...
CVE-2018-20958
The Bluetooth Low Energy BLE subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device...
CVE-2018-20958
Tapplock’s BLE unlock mechanism before 2018-06-12 relies on Key1 and SerialNo, which are derived from the device’s MAC address that is broadcast publicly. This weak linkage means that credential material used for unlocks is effectively tied to observable hardware identifiers. The Red Hat entry an...
“Unbreakable” Smart Lock Tapplock Issues Critical Security Patch
Tapplock, a smart padlock that received positive reviews and media hype when it was released earlier this year, has issued a critical patch after researchers discovered several security issues enabling them to easily hack into and unlock the device. The $100 lock is Bluetooth-based and can be...
Ridiculously Insecure Smart Lock
Tapplock sells an "unbreakable" Internet-connected lock that you can open with your fingerprint. It turns out that: 1. The lock broadcasts its Bluetooth MAC address in the clear, and you can calculate the unlock key from it. 2. Any Tapplock account an unlock every lock. 3. You can open the lock...
Totally Pwning the Tapplock (the API way)
An awesome researcher contacted us on the back of our recent Tapplock pwnage. We had been looking at the local BLE unlock mechanism, however he focussed instead on the mobile app API. Vangelis Stykas @evstykas has found a way to unlock any lock, plus scrape users PII and home addresses. Read his...
Totally Pwning the Tapplock Smart Lock
TL;DR – How to open a Tapplock over BLE in under two seconds: Totally Pwning the Tapplock Smart Lock A couple of weekends ago, a YouTuber called JerryRigEverything posted a teardown of a “smart” padlock, called the Tapplock. He discovered that, using a sticky GoPro mount, he could remove the back...