Protocol downgrade on the TTLock app can expose the unlock key

Aleph Research Advisory

Identifier

CVE-2023-7005

Severity

High

Product

Sciener Smart Locks

Technical Details

A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication and can be utilized to compromise the lock, such as by providing the unlockKey value. During the challenge request process, if a message is sent to the app unencrypted, and with a specific set of information, the corresponding message that contains the unlockKey value will be provided unencrypted.

Timeline

07-Mar-24
: Public disclosure.
21-Dec-23
: CVE-2023-7005 assigned.
29-Oct-23
: Reported.

Posts

Say Friend and Enter: Digitally lockpicking an advanced smart lock (Part 2: discovered vulnerabilities)
By Lev Aronsky & Idan Strovinsky & Tomer Telem,
07-Mar 2024
Say Friend and Enter: Digitally lockpicking an advanced smart lock (Part 1: functional analysis)
By Lev Aronsky & Idan Strovinsky & Tomer Telem,
20-Feb 2024

Credit

Lev Aronsky (@levaronsky) of Aleph Research, HCL Technologies
Idan Strovinsky of Aleph Research, HCL Technologies
Tomer Telem of Aleph Research, HCL Technologies