A Gateway G2 can be impersonated using its MAC address

Aleph Research Advisory

Identifier

CVE-2023-7007

Severity

Moderate

Product

Sciener Smart Locks

Technical Details

The Sciener server does not validate connection requests from the Gateway G2, allowing an impersonation attack. An attacker can connect to Sciener servers, impersonate a Gateway G2 that has established a connection with a lock by using its MAC address, and receive messages instead of the legitimate Gateway G2. This can facilitate access of the unlockKey value.

Timeline

07-Mar-24
: Public disclosure.
21-Dec-23
: CVE-2023-7007 assigned.
29-Oct-23
: Reported.

Posts

Say Friend and Enter: Digitally lockpicking an advanced smart lock (Part 2: discovered vulnerabilities)
By Lev Aronsky & Idan Strovinsky & Tomer Telem,
07-Mar 2024
Say Friend and Enter: Digitally lockpicking an advanced smart lock (Part 1: functional analysis)
By Lev Aronsky & Idan Strovinsky & Tomer Telem,
20-Feb 2024

Credit

Lev Aronsky (@levaronsky) of Aleph Research, HCL Technologies
Idan Strovinsky of Aleph Research, HCL Technologies
Tomer Telem of Aleph Research, HCL Technologies