A recent investigation by Aleph Research has uncovered multiple vulnerabilities in Sceiner firmware, posing a significant threat to smart lock security. Sceiner, a Chinese technology company, supplies smart lock designs, firmware, and applications globally. The vulnerabilities affect smart locks sold by companies like Kontrol and Elock, allowing attackers to manipulate the locks and gain unauthorized access through flaws in the Sceiner firmware and associated applications.
The vulnerabilities stem from issues in the interaction between the smart lock and the TTLock app, including the use of a single AES key for communication, plaintext message processing, and insecure communication protocol versions. Attackers can exploit these weaknesses to obtain information required for unauthorized access, with potential consequences such as opening doors remotely. The identified issues impact Kontrol Lux devices, Gateway G2 products, and the TTLock app, with specific CVEs assigned to each vulnerability.
CERT Coordination Center (CERT/CC) at Carnegie Mellon University issued an advisory, highlighting the severity of the vulnerabilities and their potential to compromise lock integrity. While no software solution is available, a potential workaround involves disabling certain Bluetooth functions in Sciener firmware-enabled locks. However, this may not be practical for users heavily reliant on the TTLock App. Vendors were notified in November 2023, but as of now, no response has been received.
