Take your pick: 'Hack-proof' blockchain-powered padlock defeated by Bluetooth replay attack or 1kg lump hammer

2020-09-14 20:12

A "Hack-proof" smart padlock with security based on blockchain technology could be defeated by a simple Bluetooth replay attack - or a 1kg lump hammer.

Its unique selling point is that the padlock can be locked and unlocked using an app that transmits over a Bluetooth Low Energy connection, rather than a physical key or combination lock.

Such silly claims caught the eye of Pen Test Partners, who not only hacked the "Hack-proof" lock but also discovered that its physical security was crap too.

All that researcher David Lodge did was record a successful Bluetooth unlock command and then replay it, as he detailed on the company blog, referring to code snippets: "After I did the below commands it popped open. The first packet is authorisation, the second the open command. So it is vulnerable to replay attacks."

"A simple security review would have picked up the BLE replay issue, plus other potential issues. How was this missed?" he asked, concluding: "Lock bodies shouldn't be made of Zamak and similar alloys. It's easier and cheaper to cast/machine, compared to steel, but there's a reason conventional locks use case-hardened metals."

News URL

https://go.theregister.com/feed/www.theregister.com/2020/09/14/smart_padlock_really_isnt/

#attack #blockchain #bluetooth #hack

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Bluetooth		4	3	10	3	0	16

News URL

Related news

Related vendor