Kwikset Halo Smart Lock Is Secure, but the Android App Controlling It Isn’t, Research Finds

Silviu STAHIE

April 06, 2022

Bitdefender security researchers have identified a vulnerability in the Android application controlling the Kwikset Halo Smart Lock. Still, the overall security of the lock proved to be pretty good.

One of the biggest issues in today’s digital world is that people surround themselves with smart devices and don’t really realize it. The fact that many Internet of Things devices arrive on the market with laughable security and almost zero support complicates a situation that’s already problematic.

Smart locks are the kind of device you forget is there. You expect them to work and that’s about it. But smart locks are part of the IoT world, and that means they need proper support and users have to be aware that they might need to apply patches.

Bitdefender took a closer look at the Kwikset Halo Smart Lock and noted two important findings. Unlike many IoT devices, the connection can’t be intercepted with a man-in-the-middle attack, the firmware is a GBL container file that is encrypted and signed, and two-factor authentication is enabled by default. Finally, the serial connection pins are not accessible to attackers.

The protection around the lock ticks almost all of the necessary boxes, but there’s a problem with the Android application because it exposes a content provider that can be accessed by any application on the phone.

“Because of a race condition, it can be used by a malicious application to read any file of the application including the default_settings.xml file which contains the authentication token, user info and the lock serial number,” explained the security researchers.

Fortunately, following an official notification from Bitdefender, the vendor released an update for the Android application and the vulnerability is gone.
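The exposure described above, a content provider that any app on the phone can reach, can be checked for in a decoded (plain-text) AndroidManifest.xml. The following is an added example, not code from Bitdefender or Kwikset; the package and provider names in the sample manifest are constructed, and the check covers only the exported-without-permission condition, not the race condition the researchers mention.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest; package and provider names are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.lockapp">
  <uses-sdk android:minSdkVersion="23" android:targetSdkVersion="30"/>
  <application>
    <provider android:name=".OpenFileProvider"
        android:authorities="com.example.lockapp.files"
        android:exported="true"/>
    <provider android:name=".GuardedProvider"
        android:authorities="com.example.lockapp.guarded"
        android:exported="true"
        android:readPermission="com.example.lockapp.READ"/>
    <provider android:name=".PrivateProvider"
        android:authorities="com.example.lockapp.private"/>
  </application>
</manifest>"""


def unprotected_providers(manifest_xml):
    """Return names of providers that any installed app can read."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    attrs = sdk.attrib if sdk is not None else {}
    min_sdk = int(attrs.get(ANDROID + "minSdkVersion", 1))
    target = int(attrs.get(ANDROID + "targetSdkVersion", min_sdk))
    # Providers default to exported only when min or target SDK is 16 or lower.
    legacy_default = min(min_sdk, target) <= 16
    app = root.find("application")
    if app is None:
        return []
    app_perm = app.get(ANDROID + "permission")  # applies to all components
    findings = []
    for prov in app.findall("provider"):
        exported = prov.get(ANDROID + "exported")
        is_exported = exported == "true" if exported is not None else legacy_default
        read_guard = (prov.get(ANDROID + "readPermission")
                      or prov.get(ANDROID + "permission") or app_perm)
        if is_exported and not read_guard:
            findings.append(prov.get(ANDROID + "name"))
    return findings


if __name__ == "__main__":
    for name in unprotected_providers(SAMPLE_MANIFEST):
        print("exported provider without read permission:", name)
```

A provider flagged here still needs a code review of what it serves; one that must stay exported should declare a read permission and restrict which files it will return.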
