Security gaps that could serve as door openers found and closed in Nuki Smart Lock

Attackers could target numerous vulnerabilities in various Nuki Smart Lock door locks. The Nuki Bridge Wi-Fi bridge is also affected.

If you secure your home with a door lock from Nuki’s Smart Lock series, you could soon have burglars in your house. In total, the manufacturer has closed eleven security vulnerabilities, some of which also affect the Nuki Bridge. The Nuki app should automatically notify users of available security updates.

For the majority of the vulnerabilities, the threat level is “high”. Because the software does not validate SSL/TLS certificates (CVE-2022-32509), attackers could place themselves in connections as a man-in-the-middle and eavesdrop on data traffic. In an article, security researchers from the NCC Group state that they were even able to modify the communication between the device and web services using a proxy.
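The missing certificate validation described above, as an added example that is not Nuki's firmware or code from the NCC Group article: Python's standard `ssl` module stands in for the device's TLS stack (an assumption), and all function names are hypothetical. It audits a client context for the two checks that must both be enabled, because verifying the chain without checking the hostname still leaves room for a man-in-the-middle.

```python
import ssl


def unvalidated_context():
    """Client context with validation off: the flaw class reported as CVE-2022-32509."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE   # any certificate, including a proxy's, is accepted
    return ctx


def chain_only_context():
    """Partial fix: the chain is verified, but not who the certificate was issued to."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def validated_context():
    """Corrected client: chain verification and hostname check both enforced."""
    return ssl.create_default_context()


def audit_client_context(ctx):
    """Return the validation gaps in a client-side SSLContext (empty list = none)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings


if __name__ == "__main__":
    builders = [
        ("unvalidated", unvalidated_context),
        ("chain only", chain_only_context),
        ("validated", validated_context),
    ]
    for name, build in builders:
        print(f"{name}: {audit_client_context(build()) or 'ok'}")
```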

In addition, attackers could use certain requests to trigger memory errors and exploit them to run their own code. If such an attack succeeds, it can be assumed that attackers can open doors. The article does not state whether attackers must be in the same network as the lock for an attack to work. In some cases, attackers need physical access, for example to read data via the JTAG interface.

The developers also did not implement Bluetooth Low Energy (BLE) optimally, so attackers could launch various attacks there. Successful DoS attacks can cause devices to crash; to achieve this, attackers would have to send crafted BLE packets.

The security researchers state that they informed Nuki about the gaps in April 2022. Security patches have been available since June. Information about the vulnerabilities has now been published. The researchers praise the good cooperation with Nuki during the process.
