Submit Search
Upload
Csw2016 song li-smart_wars
•
0 likes
•
1,656 views
CanSecWest
Follow
CanSecWest2016
Read less
Read more
Internet
Report
Share
Report
Share
1 of 10
Download now
Download to read offline
Recommended
Introduction on iBeacons
Introduction on iBeacons
E2LOGY
TwilioCon 2013 - Communications Without Boundaries
TwilioCon 2013 - Communications Without Boundaries
Andrew Jordan
Using Sound to Execute Commands between Devices
Using Sound to Execute Commands between Devices
Roundarch_slides
Csw2016 chen grassi-he-apple_graphics_is_compromised
Csw2016 chen grassi-he-apple_graphics_is_compromised
CanSecWest
CSW2017 Harri hursti csw17 final
CSW2017 Harri hursti csw17 final
CanSecWest
Csw2016 freingruber bypassing_application_whitelisting
Csw2016 freingruber bypassing_application_whitelisting
CanSecWest
Csw2016 tang virtualization_device emulator testing technology
Csw2016 tang virtualization_device emulator testing technology
CanSecWest
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CanSecWest
Recommended
Introduction on iBeacons
Introduction on iBeacons
E2LOGY
TwilioCon 2013 - Communications Without Boundaries
TwilioCon 2013 - Communications Without Boundaries
Andrew Jordan
Using Sound to Execute Commands between Devices
Using Sound to Execute Commands between Devices
Roundarch_slides
Csw2016 chen grassi-he-apple_graphics_is_compromised
Csw2016 chen grassi-he-apple_graphics_is_compromised
CanSecWest
CSW2017 Harri hursti csw17 final
CSW2017 Harri hursti csw17 final
CanSecWest
Csw2016 freingruber bypassing_application_whitelisting
Csw2016 freingruber bypassing_application_whitelisting
CanSecWest
Csw2016 tang virtualization_device emulator testing technology
Csw2016 tang virtualization_device emulator testing technology
CanSecWest
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CanSecWest
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CanSecWest
CSW2017 Scott kelly secureboot-csw2017-v1
CSW2017 Scott kelly secureboot-csw2017-v1
CanSecWest
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security
CanSecWest
CSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CanSecWest
CSW2017 Amanda rousseau cansecwest2017_net_hijacking_powershell
CSW2017 Amanda rousseau cansecwest2017_net_hijacking_powershell
CanSecWest
CSW2017 Qidan he+Gengming liu_cansecwest2017
CSW2017 Qidan he+Gengming liu_cansecwest2017
CanSecWest
CSW2017 Minrui yan+Jianhao-liu a visualization tool for evaluating can-bus cy...
CSW2017 Minrui yan+Jianhao-liu a visualization tool for evaluating can-bus cy...
CanSecWest
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...
CanSecWest
CSW2017 Enrico branca What if encrypted communications are not as secure as w...
CSW2017 Enrico branca What if encrypted communications are not as secure as w...
CanSecWest
CSW2017 Mickey+maggie low cost radio attacks on modern platforms
CSW2017 Mickey+maggie low cost radio attacks on modern platforms
CanSecWest
CSW2017 Saumil shah stegosploit_internals_cansecwest_2017
CSW2017 Saumil shah stegosploit_internals_cansecwest_2017
CanSecWest
CSW2017 Peng qiu+shefang-zhong win32k -dark_composition_finnal_finnal_rm_mark
CSW2017 Peng qiu+shefang-zhong win32k -dark_composition_finnal_finnal_rm_mark
CanSecWest
CSW2017 Henry li how to find the vulnerability to bypass the control flow gua...
CSW2017 Henry li how to find the vulnerability to bypass the control flow gua...
CanSecWest
CSW2017 Weston miller csw17_mitigating_native_remote_code_execution
CSW2017 Weston miller csw17_mitigating_native_remote_code_execution
CanSecWest
Csw2016 macaulay eh_trace-rop_hooks
Csw2016 macaulay eh_trace-rop_hooks
CanSecWest
Csw2016 d antoine_automatic_exploitgeneration
Csw2016 d antoine_automatic_exploitgeneration
CanSecWest
Csw2016 wang docker_escapetechnology
Csw2016 wang docker_escapetechnology
CanSecWest
Csw2016 gawlik bypassing_differentdefenseschemes
Csw2016 gawlik bypassing_differentdefenseschemes
CanSecWest
Csw2016 wheeler barksdale-gruskovnjak-execute_mypacket
Csw2016 wheeler barksdale-gruskovnjak-execute_mypacket
CanSecWest
Csw2016 economou nissim-getting_physical
Csw2016 economou nissim-getting_physical
CanSecWest
Xamarin iBeacon Mini-hack using Estimote iBeacons
Xamarin iBeacon Mini-hack using Estimote iBeacons
Jim Bennett
Innovative input devices for openHAB
Innovative input devices for openHAB
PatrickFink10
More Related Content
Viewers also liked
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CanSecWest
CSW2017 Scott kelly secureboot-csw2017-v1
CSW2017 Scott kelly secureboot-csw2017-v1
CanSecWest
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security
CanSecWest
CSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CanSecWest
CSW2017 Amanda rousseau cansecwest2017_net_hijacking_powershell
CSW2017 Amanda rousseau cansecwest2017_net_hijacking_powershell
CanSecWest
CSW2017 Qidan he+Gengming liu_cansecwest2017
CSW2017 Qidan he+Gengming liu_cansecwest2017
CanSecWest
CSW2017 Minrui yan+Jianhao-liu a visualization tool for evaluating can-bus cy...
CSW2017 Minrui yan+Jianhao-liu a visualization tool for evaluating can-bus cy...
CanSecWest
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...
CanSecWest
CSW2017 Enrico branca What if encrypted communications are not as secure as w...
CSW2017 Enrico branca What if encrypted communications are not as secure as w...
CanSecWest
CSW2017 Mickey+maggie low cost radio attacks on modern platforms
CSW2017 Mickey+maggie low cost radio attacks on modern platforms
CanSecWest
CSW2017 Saumil shah stegosploit_internals_cansecwest_2017
CSW2017 Saumil shah stegosploit_internals_cansecwest_2017
CanSecWest
CSW2017 Peng qiu+shefang-zhong win32k -dark_composition_finnal_finnal_rm_mark
CSW2017 Peng qiu+shefang-zhong win32k -dark_composition_finnal_finnal_rm_mark
CanSecWest
CSW2017 Henry li how to find the vulnerability to bypass the control flow gua...
CSW2017 Henry li how to find the vulnerability to bypass the control flow gua...
CanSecWest
CSW2017 Weston miller csw17_mitigating_native_remote_code_execution
CSW2017 Weston miller csw17_mitigating_native_remote_code_execution
CanSecWest
Csw2016 macaulay eh_trace-rop_hooks
Csw2016 macaulay eh_trace-rop_hooks
CanSecWest
Csw2016 d antoine_automatic_exploitgeneration
Csw2016 d antoine_automatic_exploitgeneration
CanSecWest
Csw2016 wang docker_escapetechnology
Csw2016 wang docker_escapetechnology
CanSecWest
Csw2016 gawlik bypassing_differentdefenseschemes
Csw2016 gawlik bypassing_differentdefenseschemes
CanSecWest
Csw2016 wheeler barksdale-gruskovnjak-execute_mypacket
Csw2016 wheeler barksdale-gruskovnjak-execute_mypacket
CanSecWest
Csw2016 economou nissim-getting_physical
Csw2016 economou nissim-getting_physical
CanSecWest
Viewers also liked
(20)
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CSW2017 Scott kelly secureboot-csw2017-v1
CSW2017 Scott kelly secureboot-csw2017-v1
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security
CSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CSW2017 Amanda rousseau cansecwest2017_net_hijacking_powershell
CSW2017 Amanda rousseau cansecwest2017_net_hijacking_powershell
CSW2017 Qidan he+Gengming liu_cansecwest2017
CSW2017 Qidan he+Gengming liu_cansecwest2017
CSW2017 Minrui yan+Jianhao-liu a visualization tool for evaluating can-bus cy...
CSW2017 Minrui yan+Jianhao-liu a visualization tool for evaluating can-bus cy...
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...
CSW2017 Enrico branca What if encrypted communications are not as secure as w...
CSW2017 Enrico branca What if encrypted communications are not as secure as w...
CSW2017 Mickey+maggie low cost radio attacks on modern platforms
CSW2017 Mickey+maggie low cost radio attacks on modern platforms
CSW2017 Saumil shah stegosploit_internals_cansecwest_2017
CSW2017 Saumil shah stegosploit_internals_cansecwest_2017
CSW2017 Peng qiu+shefang-zhong win32k -dark_composition_finnal_finnal_rm_mark
CSW2017 Peng qiu+shefang-zhong win32k -dark_composition_finnal_finnal_rm_mark
CSW2017 Henry li how to find the vulnerability to bypass the control flow gua...
CSW2017 Henry li how to find the vulnerability to bypass the control flow gua...
CSW2017 Weston miller csw17_mitigating_native_remote_code_execution
CSW2017 Weston miller csw17_mitigating_native_remote_code_execution
Csw2016 macaulay eh_trace-rop_hooks
Csw2016 macaulay eh_trace-rop_hooks
Csw2016 d antoine_automatic_exploitgeneration
Csw2016 d antoine_automatic_exploitgeneration
Csw2016 wang docker_escapetechnology
Csw2016 wang docker_escapetechnology
Csw2016 gawlik bypassing_differentdefenseschemes
Csw2016 gawlik bypassing_differentdefenseschemes
Csw2016 wheeler barksdale-gruskovnjak-execute_mypacket
Csw2016 wheeler barksdale-gruskovnjak-execute_mypacket
Csw2016 economou nissim-getting_physical
Csw2016 economou nissim-getting_physical
Similar to Csw2016 song li-smart_wars
Xamarin iBeacon Mini-hack using Estimote iBeacons
Xamarin iBeacon Mini-hack using Estimote iBeacons
Jim Bennett
Innovative input devices for openHAB
Innovative input devices for openHAB
PatrickFink10
Kwikset 925 kevo single cylinder bluetooth enabled deadbolt
Kwikset 925 kevo single cylinder bluetooth enabled deadbolt
bestwirelesschargers
PayPal Beacon and Apple iBeacon
PayPal Beacon and Apple iBeacon
Chitpong Wuttanan
Trifork iBeacon Demo Lunch Talk
Trifork iBeacon Demo Lunch Talk
Christian Melchior
ComThings Gollum
ComThings Gollum
ComThings
Security Solution - Luckey Application on Crypto-currency and Personal Bankin...
Security Solution - Luckey Application on Crypto-currency and Personal Bankin...
Wan Leung Wong
iBeacon introduction and overview
iBeacon introduction and overview
Christian Glover Wilson
Gattacking Bluetooth Smart devices - introducing new BLE MITM proxy tool
Gattacking Bluetooth Smart devices - introducing new BLE MITM proxy tool
Slawomir Jasek
Home Invasion 2.0 - DEF CON 21 - 2013
Home Invasion 2.0 - DEF CON 21 - 2013
BaronZor
DEFCON 23 - Matteo Becarro Matteo Collura - extracting the painf
DEFCON 23 - Matteo Becarro Matteo Collura - extracting the painf
Felipe Prado
Similar to Csw2016 song li-smart_wars
(11)
Xamarin iBeacon Mini-hack using Estimote iBeacons
Xamarin iBeacon Mini-hack using Estimote iBeacons
Innovative input devices for openHAB
Innovative input devices for openHAB
Kwikset 925 kevo single cylinder bluetooth enabled deadbolt
Kwikset 925 kevo single cylinder bluetooth enabled deadbolt
PayPal Beacon and Apple iBeacon
PayPal Beacon and Apple iBeacon
Trifork iBeacon Demo Lunch Talk
Trifork iBeacon Demo Lunch Talk
ComThings Gollum
ComThings Gollum
Security Solution - Luckey Application on Crypto-currency and Personal Bankin...
Security Solution - Luckey Application on Crypto-currency and Personal Bankin...
iBeacon introduction and overview
iBeacon introduction and overview
Gattacking Bluetooth Smart devices - introducing new BLE MITM proxy tool
Gattacking Bluetooth Smart devices - introducing new BLE MITM proxy tool
Home Invasion 2.0 - DEF CON 21 - 2013
Home Invasion 2.0 - DEF CON 21 - 2013
DEFCON 23 - Matteo Becarro Matteo Collura - extracting the painf
DEFCON 23 - Matteo Becarro Matteo Collura - extracting the painf
More from CanSecWest
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
CanSecWest
CSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017 Geshev+Miller logic bug hunting in chrome on android
CanSecWest
CSW2017Richard Johnson_harnessing intel processor trace on windows for vulner...
CSW2017Richard Johnson_harnessing intel processor trace on windows for vulner...
CanSecWest
CSW2017 jun li_car anomaly detection
CSW2017 jun li_car anomaly detection
CanSecWest
CSW2017 chuanda ding_state of windows application security
CSW2017 chuanda ding_state of windows application security
CanSecWest
Csw2016 gong pwn_a_nexus_device_with_a_single_vulnerability
Csw2016 gong pwn_a_nexus_device_with_a_single_vulnerability
CanSecWest
More from CanSecWest
(6)
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
CSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017Richard Johnson_harnessing intel processor trace on windows for vulner...
CSW2017Richard Johnson_harnessing intel processor trace on windows for vulner...
CSW2017 jun li_car anomaly detection
CSW2017 jun li_car anomaly detection
CSW2017 chuanda ding_state of windows application security
CSW2017 chuanda ding_state of windows application security
Csw2016 gong pwn_a_nexus_device_with_a_single_vulnerability
Csw2016 gong pwn_a_nexus_device_with_a_single_vulnerability
Recently uploaded
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
Fs
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
Damian Radcliffe
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
Fs
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
vipmodelshub1
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
Fs
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
babeytanya
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
3sw2qly1
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
rehmti665
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
soniya singh
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
ishabajaj13
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
divyansh0kumar0
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
Christopher H Felton
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
divyansh0kumar0
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
anamikaraghav4
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
furqan222004
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
9953056974 Low Rate Call Girls In Saket, Delhi NCR
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
aditipandeya
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
aditipandeya
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
Fs
Recently uploaded
(20)
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
Csw2016 song li-smart_wars
1.
Smart Wars: A+acking Smart Locks with a Smart Phone Song Li NewSky Security / 0XiD Labs ls@newskysecurity.com
2.
Kevo Smart Lock • Bluetooth Low Energy (BLE) interface. • When someone touches the deadbolt, Kevo smart lock will try to talk to BLE devices. •
Talks to BLE-enabled smart phones, iPhone 4S and later models, many Android phones with BLE enabled. • Talks to key fob which is BLE-enabled. • If device is around, unlock.
3.
DEMO • A brief demo of how Kevo smart lock works
4.
DOS APack • BLE protocol has broadcasQng mode and other modes that are point-to-point – The concept of bind – Similar to pair, less authenQcaQon, requires no password to bind • Unfortunately, Kevo smart lock works on p2p mode •
Use a BLE-enabled smart phone to bind with fob before it talks to the lock
5.
Convincing the Lock to Work for You(1) • Kevo fob smart features – Its gyro sensor detects if it is being carried around. – If no moQon detected, the fob shuts down radio within a minute – The baPery will last longer – Fob is off when owner is home asleep, aPackers won’t be able to unlock the smart lock
6.
Convincing the Lock to Work for You(2) • When fob is bound with a device, it will NOT shutdown radio • Even if the gyro sensor detects no moQon •
When fob is unbound, it takes about one minute before shuts down radio • During this window, aPacker can touch the deadbolt and unlock, while owner is asleep
7.
DEMO • Youtube video of aPacks • Find it on our blog: blog.newskysecurity.com
8.
Timeline • Ordered Kevo Smart Lock in Sept. 2015 • DOS aPack successful 15 minutes a]er first power on •
Keep-awake aPack successful the next day – most of the Qme spent on reading user’s manual • Contacted Kevo with aPack details • Kevo responded with details and correcQons, focusing on the requirement of external doors • Repeated experiment on a door that met Kevo’s requirement
9.
Possible Fixes • Add a physical buPon to the fob. • Use broadcasQng mode instead of p2p mode •
Do not use fob, always use phone + app, so as to achieve more sophisQcated communicaQon – August smart lock uses this approach, an aPacking smart phone will be ignored.
10.
Breaking locks, the physical way • Demo Video
Download now