![]() It’s worth noting that the last statement is factually incorrect, as witnessed by the above-mentioned method of knocking the Smart Lock Pro + Connect offline, thereby requiring setup to be restarted is a lingering problem. Once the Connect is fully set up, it is no longer vulnerable to this attack. The attacker must know precisely when the customer is setting up the Connect device. At this time, we are not aware of any customer accounts affected. The August team is aware of the vulnerability and is currently working to resolve the issue. Amazon worked with Bitdefender in that case to identify the cause and implement a solution, which involved encrypting the “handshake” between the smartphone and the doorbell during setup.įor its part, August issued the following statement: Those smart devices were similarly sharing Wi-Fi credentials in cleartext during the setup process. If this attack vector sound similar, because nearly the exact same exploit was publicly acknowledged in Ring Video Doorbells back in November. ![]() And the device doesn’t reconnect until its owner notices that it's offline and initiates the exchange.” “The attack that forces the doorbell offline takes time. “The hacker would have to find a spot close enough to listen in on the Wi-Fi network, perhaps a parked car,” writes PCMag. However, Bitfender found that it’s possible to perform a separate attack that would force the Smart Lock Pro + Connect off your network, which would then require it to go through the setup process again. As a result, the attacker would need to be there at the precise moment that setup would occur, which would be a near impossibility. However, the window of opportunity for leveraging this type of attack is incredibly small, as a homeowner (or renter) would typically only perform this setup one time. ![]() While this setup process is simple enough for the end-user, the passing of your Wi-Fi credentials from your smartphone to the lock are not encrypted, which could leave them vulnerable to a snooping hacker lying in wait to infiltrate your network.
0 Comments
Leave a Reply. |