amazon ULTRALOQ reviews
Researchers warning that the keyless unlocking of the Ultraloq smart door lock by U-tec could allow an attacker to track where the lock is being used and easily unlock it – both locking numbers and physical locks .
According to ThreatPost, Ultraloq is a fingerprint door lock with Bluetooth connectivity and a touch screen that sells for about $ 200. It allows users to use fingerprints or PINs to open doors to the building. Ultraloq also has an application that can be used on the spot or remotely.
Pen Test Partners, with help from researchers with accounts of @evstykas and @cybergibbon, took a closer look and discovered that Ultraloq has been break. First, the researchers found that the application programming interface (API) used by the mobile application leaked personal data from the user account, resulting in the location of the Ultraloq device being identified used.
Researchers have taken a step further and said that physical hacking is small and easy.
According to a report published in late June, U-tec fixed the API problem. However, the unlocked manufacturer does not solve the Bluetooth Low Energy problem (BLE), which allows an attacker to easily crack with a brute force attack. The penetration of multiple layers of security associated with the Ultraloq begins by unlocking the BLE security key.
The BLE key is built and operated in two parts: One part is the token that captures the keyword. The second is static salt protection of authentic data information. These parts (tokens and static salts) are put together to create a 16 octet byte array, the right size for the AES key, the researchers said. Static salt can be taken from the application and equivalent to the chain.
Next, the token is obtained by querying BLE properties with a unique global identifier (UUID). Because the key code is a 6-digit integer, this allows a brute force attack via the BLE interface.
Another weakness of Ultraloq according to researchers is the lack of API validation.
“APIs do not have any authentication,” the researchers wrote. “The data is disturbed by base64 twice but decrypting it shows that the server side has no authentication or authorization logic. This leads the attacker to retrieve the data and impersonate all users.”
This can lead to crooks who can interfere with all Ultraloq keys that are connected to the cloud service. “The easiest way to break in is to block the login process and change the user ID of the logged-in user. After that, the application will act as a user with the user ID we provided, login and have full control of all courses, according to researchers.
And yet, the researchers also said that the physical lock can be easily opened with only a thin sticks due to an unsafe physical locking mechanism. They tested and found an amateur can open them quickly and easily.
U-tec was informed of the loopholes in April 2019 and quickly responded to the request for clarification. On May 1, U-tec fixed the API flaw and on May 28 asked researchers for another month to fix the BLE problem before revealing.
where can you get a ULTRALOQ online
Ultraloq UL3 BT Bluetooth Enabled Fingerprint and Touchscreen Smart Lock (Satin Nickel) | 5-in-1 Keyless Entry | Secure Finger ID | Anti-peep Code | Works with iOS and Android | Match Home Aesthetics: Buy it now
Ultraloq UL3 Fingerprint and Touchscreen Keyless Smart Lever Door Lock (Satin Nickel): Buy it now
Ultraloq UL3 BT Bluetooth Fingerprint and Touchscreen Keyless Smart Door Lock, Satin Nickel: Buy it now
3 Pack Ultraloq UL3 BT Bluetooth Enabled Fingerprint and Touchscreen Keyless Smart Door Lock(Satin Nickel): Buy it now
ultraloq reviews on newest prices of deals buying lastest what is at where to can i you get purchase sale off discount cheapest products tutorial specification features series service instructions anviz add august ul3 bt app bridge adapter australia and touchscreen keyless smart lever door lock alexa ul1 installation u-bolt deadbolt ul3-bt-sn cerradura connect combo customer two-point code plate does work with – electronic biometric satin nickel ul3-bt-ab bluetooth-enabled enabled reversible error digital rfid fechadura key fob // not working & guide google home how install reset users set up depot program assistant indiegogo installing ifttt kickstarter thick kit entry backup lowes low login passage mode mexico türschloss mit smartfunktion español opening number nz ul autobot negro scanning autobolt add-on official website won’t open owners problems parts programming ul300 replacement schlage smartthings troubleshooting u bolt pro u-tec video yale warranty z wave 3-in-1 3bt 3 8q api admin apple watch setup bluetooth/fingerprint contact coupon company delete dl580 handle ekey europe factory homekit hack help hub iphone jammed knock latch lockout logo menu models miami pdf reddit rekey register support software technical thailand turn wiki wireless