If the attacker happens to have the August Smart Lock app installed on their own phone or laptop (via emulation), then it's game over.

Bitdefender explained that the “encryption key is hardcoded into the app” and that hackers can exploit this to “listen in” and “gain access to the user’s WiFi password”.

Anyone else who has the August Smart Lock app installed and is listening in on the temporary network created by the Connect Bridge during the setup will be able to decode the user's Wi-Fi access password as it's transmitted to the Connect Bridge.

And bingo! The attackers now have free rein inside your wireless network and can try to break into your connected devices. Unfortunately, their encryption seems to have been rather poorly thought out. They came up with a solution to encrypt the Wi-Fi password as it was transmitted between the August Smart Lock app and the Connect Bridge so that attackers couldn't just grab the password out of the air. It's time to give the August Smart Lock Pro's designers some credit here. In practice, however, it's pretty easy to knock a specific device off a Wi-Fi network, after which the user would likely try to start the setup process all over again. You might think that a setup process that takes only a few minutes to complete doesn't give an attacker a very large window of opportunity. Many other smart-home devices have had, and still have, this flaw. That would let anyone else who jumped onto the bridge's temporary Wi-Fi network during the setup process grab the password to the encrypted network right out of the air.

Namely, you don't want to send the password to an encrypted Wi-Fi network over a completely unencrypted Wi-Fi network. "The app will then use the API provided by the device to require additional information and send the local network credentials." But the researchers warned that "this approach has some flaws."
“To receive the required credentials, the bridge creates an open access point that the mobile phone would connect to," Bitdefender explains. So how do you give the Connect Bridge your home Wi-Fi password? By connecting your phone, with the August Smart Lock app installed, directly to a temporary, password-free, completely open, completely unsecure Wi-Fi network that the Connect Bridge creates during the setup process. The Connect Wi-Fi Bridge needs to connect to your Wi-Fi network to do its job, but it doesn't have your Wi-Fi network's access password, and there's no interface on the Connect Bridge where you could type in the password. But while the August Smart Lock Pro talks to both the Connect Wi-Fi Bridge and the user's smartphone app via BLE, the Connect Wi-Fi Bridge itself doesn't seem to be able to use Bluetooth to connect directly to the smartphone app. "August Connect talks to the local wireless network and is configured to work only if the user has a lock registered to their account."

Flawed encryption

“The August Smart Lock is paired to the smartphone and always communicates through BLE when nearby," said the white paper. The August Smart Lock Pro itself is controlled by a mobile app and can detect when a previously Bluetooth-paired smartphone is in range. "Every request between the bridge and the servers is encrypted with TLS and cannot be intercepted or modified due to certificate pinning.” “The bridge connects to the local wireless network and acts as a relay, making it possible for the user to remotely control the lock over the internet," says the associated Bitdefender white paper on the flaw. The researchers explained that the Connect acts “as a gateway”, communicating with the Smart Lock Pro via the Bluetooth Low Energy (BLE) protocol. So it relies on an additional device, the August Connect Wi-Fi Bridge, to access the internet.
In August Smart Lock review threads it is considered a top product for Airbnb, HomeAway and more.

As noted by the researchers, the August Smart Lock Pro can't connect to a Wi-Fi network by itself. Gain access to be able to unlock your front door from anywhere with your smartphone with the August Smart Lock Connect feature. The proprietary DoorSense technology lets you know when the door is completely closed and locked. When you buy August Smart Lock, all you have to do is connect the lock to your existing deadbolt, so if you ever need to use your regular key you can remove it. And it's easy to connect August Smart Locks to Alexa or Siri, and the August Smart Lock HomeKit allows for the easy set-up to your Google Home Assistant, making your front door even smarter. The August Smart Lock +Connect offers keyless entry without having to worry about lost or copied keys. Install the August Connect WiFi Bridge lock and provide an easy way for your friends and family, housekeepers or other home services to gain access to your home.

The August Connect WiFi Bridge for Smart Home Security