Another Case Of A Vulnerable Smart Lock

I am back with another blog after a long time. I have been buying a lot of random things from AliExpress/Banggood, and smart locks are one of them. The recent finding on Tapplock by @cybergibbons and @slawomir inspired me to do some more research on smart locks and show how vulnerable they are.

 

Disclaimer: The smart lock which I got is pretty common and is even available on Amazon. Several thousand devices are already on the market. I have changed the name of the brand to something imaginary – “*unhackable*” Smart Lock.

 

Smart Lock:

The lock which I got is from a company called *unhackable*, which is a Chinese company. You can also get the same lock locally from Amazon, so people do use these devices. The specifications are good too.

 

Now with Bluetooth comes a responsible mobile app which connects to a remote server to save your lock password and share the lock with others.

I will start by listing all the findings.

No HTTPS for communicating with the mobile app/server.

The connection between the mobile app and the server uses plain HTTP, so it is prone to sniffing and other trivial attacks. An attacker can reverse engineer the communication to exploit the server.

User Database Download.

The API endpoint was identified by intercepting the Android app's traffic. An attacker can brute-force the userid to get device user information such as name, email address, lock password and MAC address.

This is nothing fancy: just send a GET request to the same endpoint without any parameter and you get the whole database in JSON, plus some PHP info.

The database contains around 7500+ smart lock MAC addresses, lock passwords and email addresses.

Backdoor password

It was identified on analysing the APK at “com.”unhackable”-lock.base_blelock.fragment”. A hard-coded password was identified, and it was used in the reset-password OTP.

This means there is backdoor access to every user on their device. With the email addresses from the previous vulnerability, the password for every user can be reset, giving access to the lock.

These vulnerabilities have been reported to the vendor and there has been no response from them.

I have checked the Bluetooth and hardware parts of the smart lock; I will post a new blog on the same after a while.
