Thursday, December 12, 2019

Better living through power tools

from here

Unfortunately it appears that the KeyWe smart lock has software vulnerabilities that can be exploited by an attacker. Even more unfortunate is the fact that the software (firmware really) can't be updated, so the mistake that makes them vulnerable can't be fixed or patched. One may argue that the only way to deal with the problem is to remove them and replace them with a traditional lock, but if they already accept a traditional key it seems like a well placed hole through some computer chips could eliminate the avenues of attack the vulnerability opens up.