12.5 C
New York
Tuesday, September 29, 2020
Home News August Smart Lock security flaw lets hackers access your Wi-Fi network

August Smart Lock security flaw lets hackers access your Wi-Fi network

August was notified about the vulnerability in December last year.

august-smart-lock-pro-3rd-gen-02.jpg

What you need to know

  • An unpatched security hole in the August Smart Lock Pro + Connect could allow hackers to gain full access to your Wi-Fi network.
  • The team of security researchers at Bitdefender found that the exchange of Wi-Fi login credentials between the smart lock and your smartphone in setup mode isn’t protected.
  • August says it is aware of the vulnerability and is working on resolving the issue.

The Internet of Things security team at Bitdefender has discovered a security hole in the August Smart Lock Pro + Connect, which makes it possible for hackers to gain full access to your home Wi-Fi network.

Like most other smart home security devices, the August Lock Pro + Connect requires a connection to your Wi-Fi network. Since the smart lock doesn’t support any input device, it uses a “common technique” to receive the Wi-Fi login credentials. Once you put the August Smart Lock Pro + Connect in setup mode, it acts as an access point. You then connect to the access point with your phone, and the app sends the login credentials to the smart lock.

Even though August encrypts the login credentials in the device’s firmware, it relies on a simple cipher called ROT-13 for the encryption. This makes it easy for hackers to steal the Wi-Fi network login credentials when the exchange takes place between the August Smart Lock Pro + Connect and your smartphone.

Bitdefender reportedly contacted August regarding the vulnerability last December. While August initially agreed for mutual disclosure to take place in June 2020, communications later broke down. After waiting for nearly eight months, Bitdefender finally opted to disclose the issue.

In a statement sent to PCWorld, an August representative said:

The August team is aware of the vulnerability and is currently working to resolve the issue. At this time, we are not aware of any customer accounts affected. The attacker must know precisely when the customer is setting up the Connect device. Once the Connect is fully set up, it is no longer vulnerable to this attack.

Best Smart Locks in 2020

Latest

Google Meet’s new AI-powered noise cancellation comes to mobile

Google says the feature will get even better in the future.Update, September 28 (09:30 pm ET): Google has rolled out

Need to light up the dark? Check out these high-lumen smart light bulbs.

When times get dark, we need bright light to see our way out — and the brightest LED smart bulbs

OnePlus 8 review: More of the same, for $100 more

Small improvements in capabilities brings a higher price — and still comes out to a great value.OnePlus 8 reviewPrice and

How to find the Imposter in Among Us

Stay alive and expose the Imposter with these tips and tricksIn Among Us, Crewmates must work together and complete tasks