Chirp smart door locks can be trivially unlocked remotely
Posted: Thu Sep 26, 2024 11:16 am
Some smart locks controlled by Chirp Systems' software can be remotely unlocked by strangers thanks to a critical security vulnerability.
This remote exploitation is possible due to passwords and private keys being hard-coded in Chirp's Android app. Anyone who knows or finds these credentials can use them with an API maintained by smart lock supplier August to remotely open someone's Chirp-powered lock and thus unlock whatever door it is supposed to be protecting. Chirp has claimed its system is being used by over 50,000 households.
posting.php?mode=post&f=14
This remote exploitation is possible due to passwords and private keys being hard-coded in Chirp's Android app. Anyone who knows or finds these credentials can use them with an API maintained by smart lock supplier August to remotely open someone's Chirp-powered lock and thus unlock whatever door it is supposed to be protecting. Chirp has claimed its system is being used by over 50,000 households.
posting.php?mode=post&f=14