Nuki Smart Locks got Several Security Flaws, Know the Kinds!

Nuki Smart Locks got Several Security Flaws

As information & technology is developing, the humane society is bringing new challenges and new inventions into the international market to ease out human comfort. One of the results of these challenges has brought Nuki Smart Locks into the international market. These locks are based on IoT technology that is basically used in several technologies you can see on the television every day.

These locks are specially customized to provide protection against criminals who use the traditional way of theft and robbing which are very off-the-table techniques. Now, if a thief tries to unlock these locks in the traditional way they know, they will be caught red-handed on the spot.

The simplest reason for this would be that these locks are based on IoT technology which will alert the victims about the lock being cracked by the attacker. When this signal reaches the victim’s device, it’ll automatically report an alert to the nearest Police Station to attend to the crime spot.

That’s how the criminals will be disposed of with immediate action. But how is it possible that even this kind of technology can be in trouble?

The Actual Flaws

NCC Group…

Nuki Smart Lock and Bridge Products were in distress because of the 11 various security flaws observed by the researchers. The only possibility for unlocking them was to put the right password or to change the passwords themselves. In both conditions, the user needs to do it manually with any external force.  But how did they become vulnerable to external force? Is that even possible?

The unlocking process of these locks was to manage to recognize the access of the user’s device by itself. It’s keyless security. Well, this is a comforting thing that these locks usually get unlocked while sensing the recognizable device nearby.

Moreover, if a user needs to look for the status of the locks installed for protection, they can do as they wish while managing it with an app installed for them. Where these locks are safe and secure because of the functionalities they provide, but they have issues with the same facilities.

Vulnerabilities found

 

1. CVE-2022-32506 (CVSS 6.4) One of the vulnerabilities is related to the SWD hardware interfaces of Nuki and Bridge. Attackers can get physical access to the device that’s to debug the firmware with control of code execution. The attacker can even modify the content of the flash memory.
2. CVE-2022-32505 (CVSS 6.5) Use of maliciously crafted BLE packets is possible to include a DoS state on the targeted Nuki Smart Lock Devices.
3. CVE-2022-32508 (CVSS 6.5) HTTP packets can also be used to induce a DoS state in the targeted Nuki Bridge Device.
4. CVE-2022-32510 (CVSS 7.1) Users get an admin interface with an unencrypted channel in the Nuke Bridge due to an HTTP API. Due to that, an attacker can intercept the data with local access to the network.
5. CVE-2022-32503 (CVSS 7.6) An attacker can execute codes on the device while utilizing the feature of JTAG’s boundary scan. This is possible due to the existence of JTAG hardware interfaces in the Nuki Keypad, and Nuki Fob. After the execution of codes, debugging the firmware and modifying the internal with external flash memory will be possible.
6. CVE-2022-32502 (CVSS 8.0) An HTTP API parameter parsing logic code affected by a stack buffer overflow can let the attacker execute arbitrary code attacks.
7. CVE-2022-32507 (CVSS 8.0) Due to fewer access controls over the Bluetooth Low Energy Nuki API, attackers can send high-level commands to the Smart Lock’s Key turners.
8. CVE-2022-32509 (CVSS 8.5) MiTM Attacks can happen due to a lack of SSL/ TLS validation for network traffic.
9. CVE-2022-32504 (CVSS 8.8) Arbitrary code execution attacks are possible due to a stack overflow vulnerability that happened to be existing in the code parsing JSON objects received via SSE WebSocket.

Other Malfunctions observed in Various Nuki Products

1. Insecure invite key installation (CVSS 1.9) Users get an invite token feature for the Nuki Smart Lock Apps, which is used in encrypting and decrypting the invite keys on servers. Therefore, it can allow attackers to access confidential data and impersonate users.
2. With Authentication Overwrite (CVSS 2.1) Due to the installation of an insecure BLE attackers can change the BLE device name.

 

Solutions Provided

Due to this event, several consumers were afraid of losing their personal information or were afraid that someone could enter their houses/ private spaces without permission. But as the researcher found out about these vulnerabilities, they informed the victim company and alerted them.

Nuki took this on a serious note while ensuring that the patch must be perfect for the issues that occurred. After that, Nuki launched a patch for the following products:

  • Nuki Smart Lock
  • Nuki Bridge
  • Nuki Smart Lock App

Thus, in the end, users are advised to update their Nuki Smart Devices with the latest version. That’s to get the patches with the new updates. You can see, that the cyber world is giving challenges over and over from time to time. About that, you can also manage to secure yourself by being alert and learning about cyber security.

Leave a Reply

Your email address will not be published.