Source: Nick Sutrich / Android Central
What you need to know
- An unpatched security hole in the August Smart Lock Pro + Connect could allow hackers to gain full access to your Wi-Fi network.
- The team of security researchers at Bitdefender found that the exchange of Wi-Fi login credentials between the smart lock and your smartphone in setup mode isn't protected.
- August says it is aware of the vulnerability and is working on resolving the issue.
The Internet of Things security team at Bitdefender has discovered a security hole in the August Smart Lock Pro + Connect, which makes it possible for hackers to gain full access to your home Wi-Fi network.
Like most other smart home security devices, the August Lock Pro + Connect requires a connection to your Wi-Fi network. Since the smart lock doesn't support any input device, it uses a "common technique" to receive the Wi-Fi login credentials. Once you put the August Smart Lock Pro + Connect in setup mode, it acts as an access point. You then connect to the access point with your phone, and the app sends the login credentials to the smart lock
Even though August encrypts the login credentials in the device's firmware, it relies on a simple cipher called ROT-13 for the encryption. This makes it easy for hackers to steal the Wi-Fi network login credentials when the exchange takes place between the August Smart Lock Pro + Connect and your smartphone.
Bitdefender reportedly contacted August regarding the vulnerability last December. While August initially agreed for mutual disclosure to take place in June 2020, communications later broke down. After waiting for nearly eight months, Bitdefender finally opted to disclose the issue.
In a statement sent to PCWorld, an August representative said:
The August team is aware of the vulnerability and is currently working to resolve the issue. At this time, we are not aware of any customer accounts affected. The attacker must know precisely when the customer is setting up the Connect device. Once the Connect is fully set up, it is no longer vulnerable to this attack.
We may earn a commission for purchases using our links. Learn more.
A deal between Huawei and Qualcomm can create more problems than it solves
Huawei wants to sell phones but its placement on the Entity List makes that difficult. Qualcomm is ready to save the day, but that's bad news for the whole industry.
Beat Racer dazzles with an incredible soundtrack and addicting gameplay
This week's game highlight comes thumping in with some awesome music. Beat Racer is a fun runner title with fantastic visuals, an ear-pleasing electronic soundtrack, and addicting gameplay.
It turns out Google's "less is more" approach really fits well within the constraints of a less-expensive phone, and its strengths in software and camera processing stand out against less-refined competition. The Pixel 4a picks up right where the 3a left off, with better specs, the same great camera, and a $50 lower price.
Get the most out of these smart devices and services with Google Assistant
The Google Assistant is the most useful smart voice assistant for getting your questions answered and keeping track of your digital life, but it's also great at helping you control your smart home devices and services.