![]() Not only that, but August still hasn't issued a firmware update, something Jmaxxz says is necessary to fix at least one remaining issue he details in this blog post. That was more than a week after the premature "We've got app fixes coming out today" tweet. The good news is, this is a moment where we can learn a lot about how to do this better next time. Transparency mattersĪugust actively worked to fix the issue, though, so why do we still care? We care because we wish August had spoken more clearly about the flaw and fixed it faster. Since this hack relates to an issue with August's guest access and that the NCVS has unsettling statistics to share about burglary victims who know their offenders, Jmaxxz's discovery was still concerning. During the same time period, victims of violent home invasions knew the offender 65 percent of the time. That also means Jmaxxz's discovery (before August fixed it) was an unlikely route to take to access someone's home.Īt the same time, the US Department of Justice's National Crime Victimization Survey (NCVS) from 2003 to 2007 says victims who were home during a burglary knew the offender in roughly a third of the 1 million average annual burglaries. ![]() That means home invasions related to hacking a smart device are rare enough that the FBI doesn't provide statistics on them. Convenience aside, Jmaxxz discovered a vulnerability with August's guest access that allowed guests to hack August's software and "enroll a new key." Once a guest enrolled a new key, they could control an August Smart Lock even after the homeowner removed them as a guest. Guest access is a feature commonly touted by smart lock makers, since it frees you from having to cut and hand out a bunch of physical keys. ![]() While you might give a close friend or family member who doesn't live with you ongoing guest access, you can also extend recurring or temporary access to an Airbnb renter, cleaning service, dog walker, neighbor - or anyone else who might need to unlock your front door when you're at work, on vacation or otherwise away. Both August's first- and second-gen locks let you grant someone ongoing, recurring or temporary access to your home via a digital "key" you can send to their smartphone via the August app. ![]() Jmaxxz's demo uncovered one especially interesting area of vulnerability related to guest access. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |