Browsed by
Category: Smart Locks

Posts relating to smart lock security

CVE-2022-46480, CVE-2023-26941, CVE-2023-26942, CVE-2023-26943

CVE-2022-46480, CVE-2023-26941, CVE-2023-26942, CVE-2023-26943

Introduction The following technical report provides background information relating to four CVEs found in the following products: Ultraloq UL3 BT (2nd Generation) (Firmware 02.27.0012) – CVE-2022-46480 Yale Conexis L1 Smart Lock (Firmware v1.1.0) – CVE-2023-26941 Yale IA-210 Intruder Alarm (Firmware v1.0) – CVE-2023-26942 Yale Keyless Smart Lock (Firmware v1.0) – CVE-2023-26943 The work discussed here was carried out by Ash Allen, Dr. Alexios Mylonas, and Dr. Stilianos Vidalis as part of a wider research project into smart device security. Responsible…

Read More Read More

Wireless Smart Lock Vulnerability Disclosure

Wireless Smart Lock Vulnerability Disclosure

The details below discuss the vulnerabilities found in the following devices: WAFU Keyless Smart Lock (firmware v1.0) – CVE-2023-34553 An attacker can use a software-defined radio to capture commands sent to the alarm from the remote keyfob. As no rolling code is implemented, it is a simple matter to play back the code and gain full access to the alarm’s functions. As an example, see the following image, comparing subsequent keypresses of the arm/disarm keyfob: As of 22nd May, 2023,…

Read More Read More

Fortessa FTBTLD Smart Lock allows unauthorized users to change the device name. Hilarity ensues…

Fortessa FTBTLD Smart Lock allows unauthorized users to change the device name. Hilarity ensues…

The Fortessa FTBTLD smart lock is a fairly bog-standard type of generic smart lock, sold in the UK by CEF for around £100, and available on auction sites for maybe 3/4 of that price. As can be seen on the sticker on the left hand portion of the lock above, it is configured with a default device name. The lock offers a variety of features, such as auto-locking, key sharing, and so on, and in the main they work pretty…

Read More Read More

Smart Lock or Spyware? The eGeeTouch TSA Travel Lock is a bit of both

Smart Lock or Spyware? The eGeeTouch TSA Travel Lock is a bit of both

In a previous post I discussed the Bluetooth pairing issue that means anyone with a sniffer and access to your lock can open it. However, this is not the most concerning aspect of the device. I’m a big fan of static analysis tools, and use a few when investigating IoT devices; they generally provide useful starting points for further investigation, and so it proved here. In this instance, MobSF produced a report that pointed at a couple of insecure Firebase…

Read More Read More

The eGeeTouch TSA Smart Lock is Anything But

The eGeeTouch TSA Smart Lock is Anything But

IoT security devices, such as smart padlocks, need to perform at least as well as their non-smart counterparts if consumer trust is to be gained. Unfortunately, many such devices are fundamentally flawed, with poor design meaning they are simple to subvert. Once such device is the eGeeTouch 3rd Generation Travel Padlock. Available in the UK for £19.90 from Amazon, the lock boasts a number of features, including Bluetooth operation via the companion smartphone app, RFID tag support, and a TSA…

Read More Read More