Keywe lost bluetooth pairing
5/9/2023

The KeyWe smart lock suffers from multiple design flaws resulting in an unauthenticated - potentially malicious - actor being able to intercept and decrypt traffic coming from a legitimate user. This traffic - as described below - can then be used to execute actions (such as opening/closing the lock, denial of service, silencing the lock etc.) on behalf of the owner.

An attacker could exploit this vulnerability by intercepting any legitimate communications to steal the key and unlock the door at any point remotely.

Communication messages between a legitimate application and the lock are transported using Bluetooth Low Energy. Before sending, they are encrypted using AES-128-ECB with a random 2B (two-byte) prefix (functioning as a replacement for an Initialization Vector), thus preventing a third party from easily eavesdropping on and tampering with commands originating from the legitimate parties.

The key generation process is, however, affected by a serious flaw. Security of the messaging channel currently used by KeyWe relies on two factors:

- the common key used to initiate the key exchange
- the app/lock (door) key calculation process

F-Secure has proven that both of those constraints can be overcome. Firstly, the common key is created based on the device Bluetooth MAC address available globally, making it trivial to decrypt the first stage of the negotiation. Secondly, the key generation process can be retrieved from the mobile application. It should be noted that the application utilises obfuscation and root detection to protect users from threats targeting their devices.
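The framing described above (AES-128-ECB with a random two-byte prefix standing in for an IV), as an added Go example that is not code from this page, F-Secure or KeyWe. It shows that such a scheme gives each command only 65,536 possible ciphertexts and no integrity check, next to AES-GCM as a contrast. The 16-byte frame layout, the key, the "OPEN" command and all function names are assumptions constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ecbFrame: assumed layout, 2-byte prefix then the command (<= 14 bytes), zero-padded.
func ecbFrame(blk cipher.Block, prefix uint16, cmd []byte) []byte {
	buf := make([]byte, 16)
	buf[0], buf[1] = byte(prefix>>8), byte(prefix)
	copy(buf[2:], cmd)
	blk.Encrypt(buf, buf) // a single block with no chaining, i.e. ECB
	return buf
}

// distinctFrames counts every ciphertext one command can ever produce under one key.
func distinctFrames(blk cipher.Block, cmd []byte) int {
	seen := make(map[string]bool)
	for p := 0; p < 1<<16; p++ {
		seen[string(ecbFrame(blk, uint16(p), cmd))] = true
	}
	return len(seen)
}

// gcmSeal and gcmOpen are the contrast case: fresh 96-bit nonce plus an authentication tag.
func gcmSeal(blk cipher.Block, cmd []byte) []byte {
	g, _ := cipher.NewGCM(blk) // cannot fail for a cipher with 16-byte blocks
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return g.Seal(nonce, nonce, cmd, nil) // frame = nonce || ciphertext || tag
}

func gcmOpen(blk cipher.Block, frame []byte) ([]byte, error) {
	g, _ := cipher.NewGCM(blk)
	if n := g.NonceSize(); len(frame) >= n {
		return g.Open(nil, frame[:n], frame[n:], nil) // errors if any byte was altered
	}
	return nil, fmt.Errorf("frame shorter than nonce")
}

var demoBlk, _ = aes.NewCipher([]byte("constructed-key!")) // constructed 16-byte sample key
func main() {
	fmt.Println("ECB frames per command:", distinctFrames(demoBlk, []byte("OPEN")))
	fmt.Println(gcmOpen(demoBlk, gcmSeal(demoBlk, []byte("OPEN")))) // plaintext bytes, nil error
}
```

An authenticated mode only helps while the key stays secret; it does not address a common key derived from the device's Bluetooth MAC address, the flaw described above.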