Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

Vulnerability Allows Hackers to Unlock Smart Home Door Locks

Vulnerability in KeyWe Smart Locks Could be Exploited by Attackers to Intercept Communications to Steal Key and Unlock Doors

Vulnerability in KeyWe Smart Locks Could be Exploited by Attackers to Intercept Communications to Steal Key and Unlock Doors

A smart home is a vulnerable home. It is replete with interconnected IoT devices, many with their own known or unknown vulnerabilities and connected to the internet by a router that probably has the original, unchanged default password. Sometimes the connection is via a mobile phone app, often introducing a further weakness.

At this stage in the evolution of smart homes, they have another characteristic: they are almost by definition the abode of wealthy or significant people. This makes the smart home a target for cybercriminals, and — potentially — a target for cyber-savvy physical burglars. The latter is not yet a major crime vector; but it is likely to grow.

F-Secure’s latest discovery of a design flaw in a smart lock illustrates the dangers. The product is the KeyWe Smart Lock, a remote-controlled entry device primarily used in private dwellings. Users can open and close doors via an app on their mobile phones.

The flaw is not in the lock, but in the communication between the app and the lock. The lock itself is quite strong, including data encryption to prevent unauthorized parties from accessing system-critical information, such as the secret passphrase. Communication between the lock and the controlling app is not so secure. It uses Bluetooth Low Energy over WiFi, and although ostensibly encrypted, there is a flaw in its design: the common key does not change between executions, but it does change with the device address.

“This is a grave mistake!” writes F-Secure Consulting’s Krzysztof Marciniak in an associated blog. “As an in-house key exchange is used – with just two values involved – to decrypt all of the communication, one simply needs to intercept the transmission. The common key can then be easily calculated based on the device address.”

He says, “Unfortunately, “the lock’s design makes bypassing these mechanisms to eavesdrop on messages exchanged by the lock and app fairly easy for attackers — leaving it open to a relatively simple attack. There’s no way to mitigate this, so accessing homes protected by the lock is a safe bet for burglars able to replicate the hack. All attackers need is a little know-how, a device to help them capture traffic — which can be purchased from many consumer electronic stores for as little as $10 — and a bit of time to find the lock owners.”

A sniffing device could be hidden close to the door awaiting the return of the homeowner. The command communicated by the app to the lock could be captured and decrypted, and the attacker could enter the building next time it is vacant — or potentially worse, at night when the occupants are asleep.

At the personal level, the smart home would likely include an actual or metaphorical jewel box of valuables. At the corporate level, the smart homeowner is likely to be a senior executive accustomed to working from home on a computer with some form of connection to at least part of the enterprise network. The attacker now has physical access to this device.

“Security isn’t one size fits all,” explains Marciniak. “It needs to be tailored to account for the user, environment, threat model, and more. Doing this isn’t easy, but if IoT device vendors are going to ship products that can’t receive updates, it’s important to build these devices to be secure from the ground up.”

F-Secure reported the issue to the vendor, who has been responsive in communication with the researchers. “Unfortunately,” writes Marciniak, “no firmware upgrade functionality has been included and thus the issue will persist until the device is replaced. According to the vendor, new devices will contain a security fix. Moreover, the next version of the lock will have the firmware upgrade functionality — although no information is available regarding the release date.”

Secure by design is a principle that is not yet being applied by all smart device manufacturers. In this instance, security has been designed into the lock, but not into the environment in which it is used. Smart home threats are likely to increase through 2020 and beyond.

Related: Smart Home Hacked via Vulnerabilities, Social Engineering 

Related: Hide ‘N Seek Botnet Targets Smart Homes 

Related: Security Flaw Could Have Let Hackers Turn on Smart Ovens 

Related: Samsung Patches Critical Vulnerabilities in SmartThings Hub 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Expert Insights

Related Content

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

Today’s growing attack surface is dominated by non-traditional endpoints.

IoT Security

Taiwan-based networking and storage solutions provider Synology has informed customers about the availability of patches for several critical vulnerabilities, including flaws likely exploited recently...

IoT Security

A researcher has published proof-of-concept (PoC) videos to demonstrate how an attacker can remotely unlock the doors of a Honda vehicle, or even start...

IoT Security

Chinese video surveillance company Hikvision has patched a critical vulnerability in some of its wireless bridge products. The flaw can lead to remote CCTV...

Cybercrime

The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a Linux kernel flaw to its Known Exploited Vulnerabilities Catalog and instructed federal...