The Weird BLE-Lock – Hacking Cloud Locks


tl;dr: My knowledge of Bluetooth LE communication got quite rusty over time and I wanted to refresh it with an easy target the other day. I wanted to open up the lock with a simple Bluetooth command but ended up having access to their entire backend database with a lot of unique users across their entire product lineup. It didn’t go as planned.

The Lock and API

Like all BLE locks, it requires an app to talk to the lock itself and an API on the company side.

I loaded the application onto my trusted rooted Android phone and started proxying all requests through Burp to look for API clues about how this communication works. Unfortunately the communication didn’t work the first time, because the server required a client certificate to authenticate against the webserver.
