Smart Lock vulnerability can give hackers full access to Wi-Fi network

There is no doubt technology has made our lives easier, but it has also made us vulnerable to cyber-attacks. Seemingly, the Bitdefender IoT vulnerability research team has discovered a vulnerability (CVE-2019-17098) in the August Smart lock pro + connect, that if exploited can provide threat actors full access to your Wi-Fi network.To get more news about best fingerprint front door lock, you can visit securamsys.com official website.

Packed with spiffy and innovative features, August Smart lock pro + connect allows users to control their home’s main door or elsewhere. This includes the owner to unlock/lock the door with just a tap, grant access to guests, and also supervise who enters or leaves their house amongst other features.
eos-bk-1.webp?w=1080&ssl=1
This is why smart locks as such are a huge hit in the rental business. There is no hassle to exchange keys or be concerned about manual locks being broken into. But despite being one of the best sellers in the physical security context, August smart lock Pro + Connect falls invariably short.
The device in question cannot directly connect to the internet be it wireless or wired, as it lacks the necessary hardware. So, when the user is within the range the lock can be controlled via Bluetooth Low Energy (BLE).

In order to manage it remotely, the August app forms a + Connect Wi-Fi bridge that establishes a link with the internet, imparting to and fro commands by the user that controls the smart lock.

However, in this case, the commands between the devices are rather encrypted with Transport Layer Security (TLS) which cannot be modified or exploited in any way. In addition to this, the August connect link with the wireless network can only be configured if the owner has a lock registered to their account.

Users gain access to the account via two-factor authentication therefore owners have full authority. They can either grant full or limited access to guests, receive instant notifications, and check status.

For this to work, the August smart lock pro + connect requires a connection to the user’s Wi-Fi network. With no keyboard/input device available, August uses a common technique to ensue connection. The device is put into a setup mode that acts as an access point enabling a link with the smartphone.

Subsequently, the application then communicates the Wi-Fi login credentials to the smart lock. This communication is open (not encrypted) which makes it vulnerable to attack.