VU#949046: Sciener firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file upload attacks

Overview


Kontrol and Elock locks are electronic locks that use firmware provided by Sciener. This firmware works in tandem with an app, the TTLock app, which is also produced by Sciener. The TTLock app connects to locks running the Sciener firmware over Bluetooth and allows the lock to be manipulated. Sciener firmware locks also support peripherals: the GatewayG2, also produced by Sciener, lets the TTLock app reach a supported lock over WiFi, and the Sciener firmware also allows a wireless keypad to connect to supported devices.


Analysis has revealed that the Kontrol and Elock locks are vulnerable through the Sciener firmware. Vulnerabilities in the TTLock app and the GatewayG2 can be further used to compromise the integrity of the associated electronic lock. While Elock locks are vulnerable through the Sciener firmware, the Kontrol Lux lock, a specific lock model, has wireless vulnerabilities unique to it.


A number of these vulnerabilities are facilitated through the unlockKey character. The unlockKey character, when provided to the appropriate lock, can be used to unlock or lock the device.


Description


The vulnerabilities are as follows:


• CVE-2023-7006


The unlockKey character in a lock using Sciener firmware can be brute forced through repeated challenge requests, compromising the lock's integrity. Challenge requests take place during the unlocking process and contain a random integer between 0 and 65535. They can be prompted and responded to repeatedly, without any limit, until the correct integer is discovered; successfully completing the challenge request provides the unlockKey character.
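The unbounded-attempt problem described above, modelled as an added Python example that is not code from the advisory or from Sciener: a simulated gate hands out 16-bit challenges and, optionally, enforces a hypothetical per-peer failure limit with a lockout, so the number of rounds a wrong-guessing peer gets can be compared with and without throttling. ChallengeGate, max_failures, lockout_seconds and rounds_before_refusal are assumed names for this model, not part of the real lock protocol.

```python
import secrets
import time

CHALLENGE_SPACE = 65536  # the challenge is an integer in [0, 65535]

class ChallengeGate:
    """Issues random 16-bit challenges and checks responses. max_failures and
    lockout_seconds are hypothetical mitigation knobs (not from the advisory):
    after max_failures wrong responses a peer gets no new challenge for
    lockout_seconds; max_failures=None models the unbounded CVE-2023-7006 case."""

    def __init__(self, max_failures=None, lockout_seconds=60.0,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock  # injectable so a test can advance time
        self.failures = {}      # peer -> consecutive wrong responses
        self.locked_until = {}  # peer -> time at which the lockout ends
        self.pending = {}       # peer -> outstanding challenge value

    def request_challenge(self, peer):
        """Return a fresh challenge, or None while the peer is locked out."""
        if self.clock() < self.locked_until.get(peer, 0.0):
            return None
        challenge = secrets.randbelow(CHALLENGE_SPACE)
        self.pending[peer] = challenge
        return challenge

    def respond(self, peer, value):
        """Check a response; every wrong answer counts toward the lockout."""
        expected = self.pending.pop(peer, None)
        if expected is not None and value == expected:
            self.failures[peer] = 0
            return True
        n = self.failures.get(peer, 0) + 1
        self.failures[peer] = n
        if self.max_failures is not None and n >= self.max_failures:
            self.locked_until[peer] = self.clock() + self.lockout_seconds
            self.failures[peer] = 0
        return False

def rounds_before_refusal(gate, peer, limit=CHALLENGE_SPACE):
    """Rounds a peer that always answers wrongly gets before being refused;
    equals `limit` (the whole 16-bit space) when nothing throttles it."""
    for rounds in range(limit):
        if gate.request_challenge(peer) is None:
            return rounds
        gate.respond(peer, -1)  # -1 can never equal a valid challenge
    return limit
```

With max_failures=None the gate hands out all 65536 rounds; with max_failures=5 it refuses the peer after five wrong answers until the lockout expires.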


• CVE-2023-7005


A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication and can be utilized to compromise the lock, such as by providing the unlo ..
