INSUBCONTINENT EXCLUSIVE:
Consultants at the cybersecurity firm F-Secure have discovered an exploitable design flaw in one brand of smart lock that can allow an
attacker to easily pick the device.Since the smart lock itself is unable to receive new firmware updates, the manufacturer can't patch the
device to mitigate the flaw leaving users at risk unless they decide to physically uninstall their smart lock.F-Secure Consulting discovered
the flaw in the KeyWe Smart Lock which allows users to open and close doors in their home by using an app on their smartphone
The firm found that they were able to exploit improperly designed communication protocols to intercept the secret passphrase sent between
the lock and KeyWe's app.F-Secure Consulting's Krzysztof Marciniak helped develop the hack used to unlock the smart lock and he provided
are yet another example of the security challenges manufacturers and consumers have begun to face as IoT devices have flooded the market
According to one recent estimate, there will be 125bn devices connected to the internet by 2025 but as IoT devices see increased adoption,
security issues will also arise.The KeyWe Smart Lock has several useful security features such as data encryption that were implemented to
prevent unauthorized parties from accessing system-critical information like the secret passphrase
However, F-Secure Consulting was able to easily circumvent the system's security features.Unfortunately the device cannot receive firmware
updates so owners of the KeyWe Smart Lock will either have to replace the lock or live with the risk of an attacker hacking it to gain
access to their home.To prevent falling victim to this attack or similar ones, Marciniak recommends that consumers consider the security
implications of internet connected devices before replacing their offline devices with online versions.
