The latest research from Finland-based IT security firm F-Secure provides details about a critical security flaw in the very popular KeyWe Smart Lock GKW-2000D. The vulnerability allows hackers and thieves to enter your home in the same way as you do.
According to the research, published on Wednesday, the vulnerability in the smart lock, which is marketed as the “smartest lock ever” and sells at $155 on Amazon, is related to the network traffic between the lock’s mobile app and the lock itself. If a hacker manages to intercept this traffic, stealing the key to enter the targeted home would be no issue.
This happens due to the lock’s design, explains F-Secure consultant Krzysztof Marciniak: the design lets attackers bypass the security mechanism and track the exchange of messages between the app and the lock. Using a simple attack method, an attacker can get the key to unlock the KeyWe smart lock.
“There’s no way to mitigate this, so accessing homes protected by the lock is a safe bet for burglars able to replicate the hack,” added Marciniak.
F-Secure researchers also found that the attack can be pulled off with cheap network sniffing devices, some costing around $10.
It is worth noting that the design flaw is used mostly to gain remote-controlled entry into private homes and attackers can compromise the lock’s security to enter the residences. Ironically, the firmware of the latest version of KeyWe cannot be updated. This means the security flaw is difficult to fix.
To perform the research, F-Secure security researchers inspected the hardware and firmware of the lock, the hardware and firmware of the associated KeyWe Bridge that connects the lock to the wireless network, and the Android app’s code.
Their analysis revealed that the security mechanisms the company implemented for the app and the lock contain a flaw in the key exchange protocol, which is easy to exploit and can expose the secret key used to unlock the device.
This attack can be performed even when the user hasn’t locked or unlocked their door using the application, since the attacker can obtain the secret key if the user runs or opens the mobile app. As soon as the app runs, it checks the status of the lock and the attacker can intercept the password. However, there is one condition: the attacker must be within 15 meters of the app user to intercept the security code.
Despite the researchers’ claim that the firmware cannot be updated, KeyWe states that the issue has been fixed via security patches. The company also issued the following statement to CNET:
“We are really sorry about this problem. Our users’ security is our top priority and we are continuously working to resolve any issues and avoid them in the future.”