Security Research

A Gateway G2 can be impersonated using its MAC address

December 20, 2023

Aleph Research Advisory

Severity: Moderate

Product: Sciener Smart Locks

Technical Details

The Sciener server does not validate connection requests from the Gateway G2, which allows an impersonation attack. An attacker can connect to the Sciener servers, impersonate a Gateway G2 that has established a connection with a lock by using its MAC address, and receive messages in place of the legitimate Gateway G2. This can facilitate access to the unlockKey value.
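The difference between binding a session to a bare identifier and binding it to proof of a device secret, as an added sketch that is not Sciener's code or protocol. The class names, the per-device key store and the HMAC challenge-response are assumptions chosen for illustration, and the MAC address and key are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the MAC and per-device key are made up for this sketch.
GATEWAY_MAC = "AA:BB:CC:00:11:22"
DEVICE_KEYS = {GATEWAY_MAC: secrets.token_bytes(32)}  # provisioned out of band (assumption)


class MacOnlyServer:
    """Identifier-only binding: whoever presents the MAC becomes that gateway."""

    def __init__(self):
        self.sessions = {}  # MAC -> connection that receives the gateway's messages

    def connect(self, mac, conn_id):
        self.sessions[mac] = conn_id  # no proof of identity is requested
        return True


class AuthenticatedServer:
    """Binds a MAC to a connection only after proof of the per-device key."""

    def __init__(self, keys):
        self.keys = keys
        self.pending = {}   # conn_id -> (mac, nonce)
        self.sessions = {}

    def hello(self, mac, conn_id):
        nonce = secrets.token_bytes(16)  # fresh per attempt, so responses cannot be replayed
        self.pending[conn_id] = (mac, nonce)
        return nonce

    def connect(self, conn_id, response):
        mac, nonce = self.pending.pop(conn_id, (None, None))
        key = self.keys.get(mac)
        if key is None:
            return False  # unknown connection or unknown device
        expected = hmac.new(key, nonce + mac.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return False  # knowing the MAC address alone is not enough
        self.sessions[mac] = conn_id
        return True


def gateway_response(key, mac, nonce):
    """What a gateway holding the device key sends back for a challenge."""
    return hmac.new(key, nonce + mac.encode(), hashlib.sha256).digest()
```

In the first model a second connection that presents the same MAC silently replaces the session entry; in the second the entry changes only when the challenge is answered with the device key.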

Timeline

  • 07-Mar-24: Public disclosure.
  • 21-Dec-23: CVE-2023-7007 assigned.
  • 29-Oct-23: Reported.

Credit

  • Lev Aronsky (@levaronsky) of Aleph Research, HCL Software
  • Idan Strovinsky of Aleph Research, HCL Software
  • Tomer Telem of Aleph Research, HCL Software