An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android where an attacker can take complete control of the lock.
Understanding CVE-2021-44518
This CVE describes a security vulnerability in the eGeeTouch 3rd Generation Travel Padlock application for Android.
What is CVE-2021-44518?
The eGeeTouch 3rd Generation Travel Padlock application for Android sends an unencrypted pairing code before each operation, allowing attackers with the same app to take control of the lock by capturing BLE network communication.
The Impact of CVE-2021-44518
The vulnerability enables attackers to add the lock and manipulate its operations, compromising the security of the padlock and its users.
Technical Details of CVE-2021-44518
This section dives into the technical aspects of the vulnerability.
Vulnerability Description
The lock sends an unencrypted pairing code, enabling attackers to take complete control if they can capture BLE network communication.
Affected Systems and Versions
Exploitation Mechanism
To exploit the vulnerability, the attacker needs physical access to touch the lock's power button and must be able to intercept BLE network communication.
Mitigation and Prevention
This section covers protecting against and preventing exploitation of the vulnerability.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
The vendor should release a security patch to encrypt the pairing code and enhance communication security between the lock and the companion app.
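The difference between the reported behaviour and a replay-resistant exchange, as an added simulation (not the vendor's code or protocol; class names, message layout, the sample code and the paired key are all assumptions). It uses a per-operation challenge answered with an HMAC instead of encrypting the static code, because a ciphertext that never changes can be replayed exactly like the cleartext.

```python
import hashlib
import hmac
import secrets

class LegacyLock:
    """Reported behaviour: the pairing code crosses the link in cleartext."""
    def __init__(self, code: bytes):
        self._code = code

    def announce(self) -> bytes:
        return self._code                      # identical bytes before every operation

    def authorize(self, presented: bytes) -> bool:
        return hmac.compare_digest(presented, self._code)

class HardenedLock:
    """Assumed fix: a per-operation nonce, answered with an HMAC under a paired key."""
    def __init__(self, key: bytes):
        self._key = key
        self._nonce = None

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)  # fresh for each operation
        return self._nonce

    def authorize(self, tag: bytes) -> bool:
        nonce, self._nonce = self._nonce, None # a nonce is accepted once only
        if nonce is None:
            return False
        return hmac.compare_digest(tag, app_response(self._key, nonce))

def app_response(key: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, b"UNLOCK" + nonce, hashlib.sha256).digest()

def replay_outcomes() -> tuple:
    """Return (legacy_replay_accepted, hardened_replay_accepted)."""
    legacy = LegacyLock(b"483920")             # constructed sample code
    captured = legacy.announce()               # what a passive BLE listener records
    legacy_replay = legacy.authorize(captured)

    key = secrets.token_bytes(16)              # 128-bit key set at pairing (assumption)
    hardened = HardenedLock(key)
    captured = app_response(key, hardened.challenge())
    if not hardened.authorize(captured):       # the legitimate operation must succeed
        raise RuntimeError("legitimate response rejected")
    hardened.challenge()                       # next operation, new nonce
    hardened_replay = hardened.authorize(captured)
    return legacy_replay, hardened_replay

if __name__ == "__main__":
    print(replay_outcomes())
```

The paired key is random and 128 bits long on purpose: deriving it from a short numeric code would let anyone holding one captured nonce and tag guess the code offline.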