Schneier - Smart Lock Vulnerability
Yet another Internet-connected door lock is insecure:
Sold by retailers including Amazon, Walmart, and Home Depot, U-Tec's $139.99 UltraLoq is marketed as a "secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code."
Users can share temporary codes and 'Ekeys' to friends and guests for scheduled access, but according to Tripwire researcher Craig Young, a hacker able to sniff out the device's MAC address can help themselves to an access key, too.
UltraLoq eventually fixed the vulnerabilities, but not in a way that should give you any confidence that they know what they're doing.
from Schneier on Security https://www.schneier.com/blog/archives/2020/08/smart_lock_vuln.html
Comments
Post a Comment