Loccess smart lock is vulnerable to BLE attacks
- Loccess is a Bluetooth enabled padlock marketed as a lock to secure luggage, bicycles, and lockers.
- The lock could be exploited with a framework called bettercap, which is used by security researchers to perform reconnaissance and hack wireless networks.
With smart locks becoming commonplace these days, these devices are no exception when it comes to being victim to cyber attacks and hacking attempts. One such smart lock that was recently found to be susceptible is Loccess.
Loccess is a Bluetooth-enabled padlock which promises to work as a regular padlock while providing extra features. A proof-of-concept (PoC) attack by security researcher David Lopas showed that the device could be successfully hacked without much hassle.
Lopas demonstrated that the exploit could be performed with simple steps due to the device’s poor security framework.
- The smart padlock can be unlocked through an app available on Android.
- Lopas hacked the device using bettercap, a software written in Go that performs reconnaissance and can hack WiFi networks, BLE devices, Ethernet networks, and other wireless frameworks.
- A password sniffing would simply reveal the password set in the device, in plaintext.
- Attackers can then alter the password, change master lock as well as button pincode present in Loccess.
An easy exploit
Lopas also showed how Loccess can be hacked using another approach. He explained that, by initiating the wake-up button, a BLE request for factory password would expose the device. Moreover, if the request fails, Lopas suggested, “If not working, attacker should sniff the traffic between victims phone and Loccess. Use the new password (or change the existing one) and open the lock.”
On top of all these hacking attempts, Loccess was found to be flimsy and could be broken physically using certain tools or appliances.