The Bitdefender IoT Vulnerability Research team has discovered a nasty cybersecurity vulnerability in a popular consumer smart door lock. The August Smart Lock Pro has a weakness that allows (amongst other things) hackers to easily access the household's Wi-Fi passwords. To date, the vulnerability remains unpatched, despite disclosures from the Bitdefender team.
In the ongoing proliferation of 'smart' IoT devices, it seems every household item has had its makeover, and this ubiquitous connectivity now extends to our door locks. The August Smart Lock Pro is a popular household device that attaches to the deadbolt of a door and is operated through a digital app. Retailing at $299, the device has surged in popularity amongst modern homeowners.
The researchers found that the device communicates with its configuration application on the smartphone over an encrypted channel, but the encryption key is hardcoded into the app, so the key is available to anyone who has the app. This allows a potential attacker within range to eavesdrop on the traffic and intercept the Wi-Fi password. To date, the vulnerability is not fixed, and it's important that consumers are aware of this potential issue.
For full technical details of this disclosure, please see the Bitdefender whitepaper on the Smart Lock Pro vulnerability and investigation: https://mysecuritymarketplace.com/whitepaper-listing/