<--
א
Idan Strovinsky
Twitter:
@foo
Homepage:
https://www.linkedin.com/in/idan-strovinsky/
GitHub:
ghsi10
Keybase:
qux
POSTS
Say Friend and Enter: Digitally lockpicking an advanced smart lock (Part 2: discovered vulnerabilities)
07-Mar 2024
,
CVE-2023-7006
CVE-2023-7005
CVE-2023-7003
CVE-2023-6960
CVE-2023-7004
CVE-2023-7007
CVE-2023-7009
CVE-2023-7017
Say Friend and Enter: Digitally lockpicking an advanced smart lock (Part 1: functional analysis)
20-Feb 2024
,
CVE-2023-7006
CVE-2023-7005
CVE-2023-7003
CVE-2023-6960
CVE-2023-7004
CVE-2023-7007
CVE-2023-7009
CVE-2023-7017
Why is it so hot here? Hacking Electra Smart air conditioners for fun and profit
19-Jun 2023
,
CVE-2023-24500
CVE-2023-24501
CVE-2023-24502
CVE-2023-24503
CVE-2023-24504
CVE-2023-30160
VULNS
12/21/23
CVE-2023-7017
The firmware of the Kontrol Lux lock can be updated w/o AuthZ/AuthC
12/21/23
CVE-2023-7009
The Kontrol Lux lock can be forced to process arbitrary unencrypted messages
12/21/23
CVE-2023-7007
A Gateway G2 can be impersonated using its MAC address
12/21/23
CVE-2023-7004
The TTLock app does not properly verify that it is connected to a real lock
12/21/23
CVE-2023-6960
TTLock virtual keys can be reused even after invalidation
12/21/23
CVE-2023-7003
Challenge response can be retried indefinitely upon failure
12/21/23
CVE-2023-7005
Protocol downgrade on the TTLock app can expose the unlock key
12/21/23
CVE-2023-7006
Challenge response can be retried indefinitely upon failure
03/12/23
CVE-2023-30160
Unauthorized attacker can connect to the MQTT server controlling all of Electra's Smart AC units and gain full control of them
03/12/23
CVE-2023-24504
Attacker within WiFi range can cause unconfigured units to connect to a malicious update server
03/12/23
CVE-2023-24503
Attacker within IR range can install arbitrary firmware over the air
03/12/23
CVE-2023-24502
A WiFi hotspot with a known password is always availiable on unconfigured units
03/12/23
CVE-2023-24501
Credentials for connecting to the MQTT server hardcoded inside the firmware
03/12/23
CVE-2023-24500
Attacker within WiFi range can install arbitrary firmware over the air on unconfigured units