Anthony Rose, an electrical engineer, was able to hack 12 out of 16 Bluetooth Low Energy smart locks as part of his research into their vulnerabilities. He presented his findings at the DEF CON hacker conference in Las Vegas on Saturday.
Via Tom's Guide:
Four locks, for example, transmitted their user passwords in plaintext to smartphones, making it easy for anyone with a $100 Bluetooth sniffer to pluck the passwords out of thin air.
Two of those four models, the Quicklock Doorlock and Quicklock Padlock, sent the password twice, Rose said. He and Ramsey found that they could change the user password by returning the same command with the second iteration of the password changed to something else, freezing out the legitimate user.
"The user can't reset it without removing the battery, and he can't remove the battery without unlocking the lock," Rose said.
Other lock manufacturers said they encrypted the user password for Bluetooth transmissions, Rose said. Technically, they did. But with at least one, Rose discovered that he could simply grab the encrypted password out of the air, then send it back to the lock — and the lock would unlock without the password ever being decrypted.
Earlier this month, UK Home Secretary Amber Rudd idiotically insisted that “real people” don’t need encrypted messaging apps; but as foolish a statement as that was, there was a kernel of truth to it.
A group of researchers from Oxford and TU Berlin will present their paper, White-Stingray: Evaluating IMSI Catchers Detection Applications at the Usenix Workshop on Offensive Technologies, demonstrating countermeasures that Stingray vendors could use to beat Stingrays and other “cell-site simulators” (AKA IMSI catchers).
The $469 LockState RemoteLock 6i is a “smart lock” that is sold to Airbnb operators through a partnership with the company, allowing Airbnb hosts to generate and expire unique, per-tenant unlock codes.
The Pry.Me Bottle Opener holds tens of thousands of times its own weight, and you can pick one up now from the Boing Boing Store.This remarkable keychain is considerably smaller than any of your keys, but don’t let that fool you: it can easily open any bottle, and could even tow a trailer full of […]
Guaranteeing your privacy online goes way beyond checking the “Do Not Track” option in your browser’s settings. To ensure that your internet activity is totally hidden from Internet Service Providers, advertisers, and other prying eyes, take a look at Windscribe’s VPN protection. It usually costs $7.50 per month, but you can get a 3-year subscription […]
This project management bundle will help you get organized and learn how to lead a team to success. You can pay what you want for these five courses when you pick them up from the Boing Boing Store.To help you become an invaluable asset for your company, this bundle includes a curated collection of professional […]