According to security researchers Chase Dardaman and Jason Wheeler, three security flaws in Zipato smart hubs can be used to unlock doors equipped with smart locks if the flaws are chained together.
In-home smart technology has already been under scrutiny for privacy concerns with the devices, but possible abuse of front door locks adds another layer of concern.
“When we first got our hands on the smart lock and hub we thought of attacking it in three different scenarios,” the researchers wrote. “First could we unlock the door remotely without having access to anything beforehand? Second, if we were an apartment resident with this solution, could we take data off the device in order to unlock all the other residents’ front doors? Lastly, could we find a vulnerability or misconfiguration that would allow an attacker to unlock the door on the same network?”
The security researchers didn’t release their findings until after the vulnerabilities in the devices were fixed. One key step in the hackability of the devices was that the attacker would have to be on the same WiFi network as the devices. However, any of these smart hubs that were connected directly to the internet would be remotely exploitable.