Wireless Smart Lock Vulnerability Disclosure

The details below discuss the vulnerabilities found in the following devices:

WAFU Keyless Smart Lock (firmware v1.0) – CVE-2023-34553

An attacker can use a software-defined radio to capture commands sent to the alarm from the remote keyfob. As no rolling code is implemented, it is a simple matter to play back the code and gain full access to the alarm’s functions. As an example, see the following image, comparing subsequent keypresses of the arm/disarm keyfob:

As of 22nd May, 2023, no fix has been released for this issue. Given that this is a vulnerability with the device hardware, we do not believe that this can be rectified with software updates.

Join the conversation


Leave a comment

Your email address will not be published. Required fields are marked *