
U.S. Warns of Severe Smart Lock Vulnerability Affecting 50,000 Homes

Your smart lock could be at risk. A critical flaw allows remote access, and the manufacturer hasn't acted yet. Here's what you need to know.


The U.S. government has issued a warning about a critical vulnerability in smart locks securing entry to an estimated 50,000 dwellings nationwide. The flaw, discovered by researcher Matt Brown, allows remote access to the locks using hard-coded credentials stored within the source code of the lock's maker, Chirp Systems. Despite the severity of the issue, rated 9.1 out of 10 on the CVSS scale, Chirp Systems has not responded to mitigate the vulnerability since it was first notified in March 2024.

Brown reported the flaw to Chirp Systems in March 2021. However, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has downgraded the severity of the flaw, stating that the hard-coded credentials do not expose the devices to remote locking or unlocking. Nevertheless, using the hard-coded credentials, an attacker could connect to an API managed by smart lock vendor August.com to remotely lock or unlock any door in any building using the technology.

In a separate development, an investigation by ProPublica has found that RealPage's rent-setting software helps landlords push the highest possible rents on tenants. In 2024, the U.S. states of California, Ohio, and Illinois filed lawsuits against RealPage, Inc., accusing the company of facilitating illegal rent increases through alleged collusion with tenants. RealPage, Inc., the parent company of Chirp Systems, is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents. August.com has stated that August and Yale locks are not vulnerable to the hack described by Brown.

The U.S. government's warning highlights the potential risks of smart lock systems and the importance of prompt action by manufacturers to address vulnerabilities. Despite the downgraded severity rating, the potential for unauthorized access remains a concern. Meanwhile, the legal battles surrounding RealPage's rent-setting practices continue to unfold.
