Smart Security Device RFID Vulnerability Disclosure

The details below discuss the vulnerabilities found in the following devices:

  • Suleve 5-in-1 Smart Door Lock (firmware v1.0)
  • Digoo DG-HAMB Smart Home Security System (firmware v1.0)
  • Etekcity 3-in-1 Smart Door Lock (firmware v1.0)

The use of low-frequency (LF) RFID tags is a significant security issue. These tags do not support any form of encryption and so can be read using an NFC-equipped mobile phone or dedicated reader in under a second. The only information encoded is a number, so software that writes to blank tags can be used to create any number of duplicate tags with the same permissions as the original. In addition, the owner of the original tag would be given no indication that it had been compromised.

As of 5th August, 2023, none of the devices has been issued with a fix for this issue. Given that this is a vulnerability in the device hardware, we do not believe that this can be rectified with software updates.
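
To illustrate why a number-only tag cannot be told apart from its copy, the following added example (not code from the devices or from the original disclosure) models a lock that accepts a static tag number beside a hypothetical challenge-response design. The class names, the tag ID and the key are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; not taken from any real tag or device.
ENROLLED_ID = 0x1A2B3C4D5E
TAG_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

class StaticIdLock:
    """The design described above: the tag only emits a fixed number."""

    def __init__(self, enrolled_ids):
        self.enrolled_ids = set(enrolled_ids)

    def unlock(self, presented_id):
        # The lock cannot tell the original tag from a copy of its number.
        return presented_id in self.enrolled_ids

class ChallengeResponseLock:
    """Hypothetical alternative: the tag keeps a secret and answers a nonce."""

    def __init__(self, tag_keys):
        self.tag_keys = dict(tag_keys)  # tag id -> per-tag secret key
        self.pending = None

    def challenge(self):
        self.pending = secrets.token_bytes(16)
        return self.pending

    def unlock(self, tag_id, response):
        nonce, self.pending = self.pending, None  # each nonce is single use
        key = self.tag_keys.get(tag_id)
        if nonce is None or key is None:
            return False
        return hmac.compare_digest(tag_response(key, nonce), response)

def tag_response(key, nonce):
    # Computed inside a key-holding tag; the key itself is never transmitted.
    return hmac.new(key, nonce, hashlib.sha256).digest()

def replay_outcomes():
    """Return (static_accepts_copy, cr_accepts_genuine, cr_accepts_replay)."""
    static_ok = StaticIdLock([ENROLLED_ID]).unlock(ENROLLED_ID)  # copied number
    lock = ChallengeResponseLock({ENROLLED_ID: TAG_KEY})
    seen = tag_response(TAG_KEY, lock.challenge())  # one observed exchange
    genuine = lock.unlock(ENROLLED_ID, seen)
    lock.challenge()  # the next attempt is issued a fresh nonce
    return static_ok, genuine, lock.unlock(ENROLLED_ID, seen)
```

The second design depends on the tag holding a key and computing a response, which a tag that only stores a number cannot do.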

3 thoughts on “Smart Security Device RFID Vulnerability Disclosure”

  1. Pingback: CVE-2023-39843
  2. Pingback: CVE-2023-39842
  3. Pingback: CVE-2023-39841
