

If a smart lock is on your Christmas list this year, it's best to give the KeyWe Smart Lock a miss due to a design flaw that it seems can't be fixed.

As The Register reports, cyber-security company F-Secure has discovered that the KeyWe Smart Lock, which currently sells for $155 on Amazon, can be circumvented due to "improperly designed communications protocols." Worse than that, though, is the fact this design flaw can't be solved due to the smart lock having no way of allowing a security patch to be applied.

The KeyWe lock allows entry via a traditional key, a keypad, or through a KeyWe app on your phone. The AES encryption used to secure the communication link to your phone is 128-bit, but F-Secure determined messages sent over the encrypted channel only relied on two factors for security: a common key to initiate the key exchange, and the app/lock key calculation process.

Overcoming both these factors is, according to F-Secure, "trivial." The common key is created "based on the device Bluetooth MAC address available globally," while the key calculation process "can be retrieved from the mobile application." F-Secure believes a malicious attacker could intercept and gain access to the lock from a range of up to 15 meters away.

There is no way of mitigating this design flaw right now, and it seems unlikely there will be if the KeyWe Smart Lock can't be patched.
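The weakness of a common key built only from the advertised Bluetooth MAC address can be shown with a small model; this is an added example, not KeyWe's or F-Secure's code. The derivation and key calculation functions, the nonce exchange, and the MAC address are hypothetical stand-ins, and the per-device secret is a generic contrast for what a sound design needs, not a fix available for this lock.

```python
import hashlib
import hmac
import secrets

def common_key_from_mac(mac: str) -> bytes:
    # Hypothetical derivation: the only input is the publicly advertised MAC.
    return hashlib.sha256(bytes.fromhex(mac.replace(":", ""))).digest()[:16]

def session_key(base_key: bytes, app_nonce: bytes, lock_nonce: bytes) -> bytes:
    # Hypothetical key calculation; the same routine ships in the app and the lock.
    return hmac.new(base_key, app_nonce + lock_nonce, hashlib.sha256).digest()[:16]

def run_exchange(mac: str, base_key: bytes):
    """Return (session key, values anyone in radio range can collect)."""
    app_nonce, lock_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    # Assumption: nonces count as observable, since a key that would
    # protect them in transit is itself derivable from the MAC.
    on_air = {"mac": mac, "app_nonce": app_nonce, "lock_nonce": lock_nonce}
    return session_key(base_key, app_nonce, lock_nonce), on_air

def reproducible_from_air(real_key: bytes, on_air: dict) -> bool:
    """True if public values plus the known algorithm rebuild the session key."""
    guess = session_key(common_key_from_mac(on_air["mac"]),
                        on_air["app_nonce"], on_air["lock_nonce"])
    return hmac.compare_digest(guess, real_key)

MAC = "AA:BB:CC:DD:EE:FF"  # constructed sample address

def weak_design() -> bool:
    # Base key comes from the MAC alone, so it carries no secret entropy.
    key, on_air = run_exchange(MAC, common_key_from_mac(MAC))
    return reproducible_from_air(key, on_air)

def per_device_secret_design() -> bool:
    # Base key is a random secret provisioned once and never sent over the air.
    pairing_secret = secrets.token_bytes(16)
    key, on_air = run_exchange(MAC, pairing_secret)
    return reproducible_from_air(key, on_air)

if __name__ == "__main__":
    print("MAC-derived common key reproducible:", weak_design())
    print("per-device secret reproducible:", per_device_secret_design())
```

The AES key length never enters the result: when every input to the key is public, the session key is public too.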
