How To Hack Electronic Door Lock

However, the process for hacking any smart lock is the same so you can take these methods and apply them to any smart lock you like. The idea of the Smart Lock is that it can be remotely locked and unlocked using a mobile device. This becomes problematic because software can always be hacked and, as you will see, we hacked this one. The Smart Lock works with both iOS and Android operating systems.

Furthermore, the lock allows an individual to give temporary authority to a different phone in order for them to control the locking and unlocking of this device. The functionality also permits one to grant permanent access to another phone with the software installed. This is the fatal flaw of a system that is not closed-loop.

The Smart Lock security features were put to the test and the results are not so hot. This lock has a whole host of vulnerabilities which make it highly susceptible to being hacked. The fatal flaw is the functionality that allows one to add other authorized un-lockers. What has been found is that a hacker can easily add themselves as a guest to any lock that happens to be nearby.

HOW TO HACK A SMART LOCK

To start with, make backups of the app in random states. That is to say, different random configurations and stages of use, including app states and user settings.

We are going to make these four different application backups to start with:

  1. WHEN APP IS FIRST INSTALLED
  2. WHEN LOCK HAS BEEN PURVEYED BY THE APP
  3. AFTER MANY LOCK & UNLOCK COMMANDS HAVE BEEN ISSUED
  4. AFTER ADDITIONAL USERS HAVE BEEN ADDED TO TEST LOCK

Now, take a look at the files stored locally. This reveals that the config information is encrypted, but not so fast. There is a big ole log file that contains highly sensitive data. After analysing the source code, you can see that the code shows the encryption key that is hard coded in for all local data:

[Screenshot: the encryption key hard coded in the source file]

Now that we can see what is going on with the encryption, let's take a slightly closer look. After looking at it for a while, you can see that the routine for this encryption key dictates that the cipher being used is AES in ECB mode. That information was then used to decrypt all contents located in the local host file array. The files accessed here have the lock UUID, username, phone number and more key identification markers. This data is also accessible in the log file first created by the application, before even looking into the crypt key.
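The plain-text log is the weaker of the two exposures described above, because it needs no key at all. The following is an added example, not code from the original article or from the lock vendor: a logging filter that scrubs lock UUIDs and phone numbers before any handler writes them, plus an audit helper for checking captured logs before release. The logger name, the placeholder strings and the E.164 phone format are assumptions.

```python
import io
import logging
import re

# Identifier shapes the article reports in the app's plain-text log.
UUID_RE = re.compile(
    r"\b[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\b")
# Assumption: phone numbers are logged in E.164 form (+ then 8-15 digits).
PHONE_RE = re.compile(r"\+\d{8,15}\b")


def redact(text: str) -> str:
    """Replace lock UUIDs and phone numbers with fixed placeholders."""
    return PHONE_RE.sub("<phone>", UUID_RE.sub("<uuid>", text))


class RedactingFilter(logging.Filter):
    """Scrub every record before the handler can write it to disk."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())  # format first, then scrub
        record.args = None                        # args are already merged
        return True


def audit(lines):
    """Release gate: return (line_number, line) for lines that still leak."""
    return [(n, l) for n, l in enumerate(lines, 1) if redact(l) != l]


def demo() -> str:
    """Log constructed sample events through the filter; return the output."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactingFilter())
    log = logging.getLogger("lockapp.demo")  # hypothetical logger name
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    # Constructed sample values, not taken from any real device.
    log.info("scan found lock %s", "123e4567-e89b-12d3-a456-426614174000")
    log.info("guest invite sent to %s", "+15555550100")
    return stream.getvalue()


if __name__ == "__main__":
    print(demo())
```

Redaction only covers the log; the hard-coded key is a separate problem, since a key shipped inside the app is readable by anyone who has the app.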

CRACKING THE API

Now that we have a solid grasp on the app in general and how it functions on the backend, we move to the API. The goal here is to look out for all the digital communication that the app has with the servers owned by Smart Locks. The app itself uses a security cert, so we can't just easily take a quick look at it. For this, we have to:

  1. DE-COMPILE THE ENTIRE SMART LOCK APP TO .SMALI
  2. REMOVE CERTIFICATE CODE FOR VALIDATION
  3. RECOMPILE THE ENTIRE APP
  4. SIGN SECURITY CERT
  5. RE-INSTALL APPLICATION IN THE NEWLY MODDED FORM

Most of the endpoints of the Smart Lock API didn't allow us to find anything too meaningful, but there was one that did not validate that the user pressing lock/unlock is actually the owner of the lock. Behold, this is the vulnerability that we need to hack a Smart Lock. This API endpoint that is weak and vulnerable is the one that allows the owner of the smart lock to add a guest to the lock. In finding this, it means that any hacker can create an API request to add their user as a guest to any lock nearby with the correct UUID of the lock, which can easily be found in the plain text log file that we found up above.

[Screenshot of the API call to add guest]
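The missing check described above is a server-side ownership test on the add-guest endpoint. The following is an added example, not the vendor's code or code from the original article: a minimal in-memory model of the endpoint showing the unchecked behaviour beside a hardened handler. All names (`LOCKS`, `SESSIONS`, `add_guest`, the tokens and UIDs) are hypothetical and the data is constructed.

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller may not manage the requested lock."""


@dataclass
class Lock:
    owner_uid: str
    guests: set = field(default_factory=set)


# Constructed sample data: one lock, keyed by its UUID.
LOCKS = {"123e4567-e89b-12d3-a456-426614174000": Lock(owner_uid="uid-owner")}
# Constructed session store: bearer token -> authenticated UID.
SESSIONS = {"tok-owner": "uid-owner", "tok-stranger": "uid-stranger"}


def add_guest_unchecked(lock_uuid: str, guest_uid: str) -> None:
    """Behaviour the article describes: knowing the UUID is enough."""
    LOCKS[lock_uuid].guests.add(guest_uid)


def add_guest(token: str, lock_uuid: str, guest_uid: str) -> None:
    """Hardened form: identity comes from the session, never the body."""
    caller = SESSIONS.get(token)
    lock = LOCKS.get(lock_uuid)
    # The lock UUID is discoverable by scanning, so it is an identifier,
    # not a credential. Unknown lock and wrong owner return the same
    # error so the endpoint cannot confirm which UUIDs exist.
    if caller is None or lock is None or lock.owner_uid != caller:
        raise Forbidden("caller does not own this lock")
    lock.guests.add(guest_uid)


if __name__ == "__main__":
    lock_id = "123e4567-e89b-12d3-a456-426614174000"
    try:
        add_guest("tok-stranger", lock_id, "uid-stranger")
    except Forbidden as exc:
        print("rejected:", exc)
    add_guest("tok-owner", lock_id, "uid-friend")
    print("guests:", LOCKS[lock_id].guests)
```

The check has to live on the server: the certificate validation in the app was removed by repackaging, so nothing enforced only in the client can be relied on.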

Now that the Smart Lock has been hacked, let's review the conditions which need to be present in order to crack this digital lock. For the hacker to crack this lock there are two things needed: UUID of the lock, UID of hacker. The UID can be found using a few different methods:

METHOD 1: UN-ENCRYPT LOCAL STORAGE ON HACKER'S MOBILE PHONE

METHOD 2: INTERCEPT API CALL ON HACKER'S MOBILE PHONE

METHOD 3: INSPECT THE LOCAL PLAIN TEXT LOG FILE THAT WE FOUND EARLIER

The UUID of a Smart Lock can be found by simply walking up to one and using the app to scan for locks that are nearby. The mobile phone will find all that are in range. Once it does, the app will write the UUID of the locks that were discovered in the plain text log file on the mobile phone. Now that you have the UUID of the lock, you can add yourself as a guest using the modded app that we created above and unlock the door immediately.

Source: https://www.arridae.com/blogs/HACKING-A-SMART-LOCK.php
