CVE-2019-17098 : Security Advisory and Response

A vulnerability in the August Connect Wi-Fi Bridge App and Connect Firmware allows unauthorized decryption of authentication details for Wi-Fi networks, affecting Android devices.

Understanding CVE-2019-17098

This CVE identifies a hard-coded cryptographic key vulnerability in August products, enabling attackers to decrypt intercepted data.

What is CVE-2019-17098?

The vulnerability in August Connect Wi-Fi Bridge App and Connect Firmware permits unauthorized decryption of captured data containing Wi-Fi network authentication details.

The Impact of CVE-2019-17098

CVSS Score: 3.5 (Low Severity)
Attack Vector: Adjacent Network
Confidentiality Impact: Low
Integrity Impact: None
User Interaction: Required

Technical Details of CVE-2019-17098

This section provides detailed technical information about the vulnerability.

Vulnerability Description

The flaw allows attackers to decrypt captured payloads with authentication details for Wi-Fi networks.

Affected Systems and Versions

Smart Lock and Connect Wi-Fi Bridge App
Vendor: August
Platforms: Android
Versions Affected: Up to v10.11.0
Connect Firmware
Vendor: August
Versions Affected: Up to 2.2.12

Exploitation Mechanism

The vulnerability enables unauthorized decryption of captured payloads containing Wi-Fi network authentication details.

Mitigation and Prevention

Protecting systems from this vulnerability is crucial to maintaining security.

Immediate Steps to Take

Update the Android app to version v10.11.0 or higher.
Implement network security measures to prevent unauthorized access.

Long-Term Security Practices

Regularly update all software and firmware to the latest versions.
Conduct security audits to identify and address potential vulnerabilities.

Patching and Updates

August has released an update to fix the issue. Ensure all devices are running the latest software versions.