Kwikset Aura MaaG IoT Attack

Vulnerability Description

The Kwikset Aura Smart Lock suffers from multiple vulnerabilities that allow a malicious access sharee (e.g., a tenant user) to retain permanent access to the lock, and to escalate her privilege to OWNER.

PoC attack

Please read Section 4.1 and 4.2 “Weakness 1: Semantic Loss in AMT” and “Weakness 2: Asymmetric and Misplaced Security Responsibilities”

Vendor report

We reported the issues to the vendor in a timely manner. Unfortunately, we still did not manage to obtain any clearance from the vendor to release a CVE.


Xin’an Zhou, UC Riverside; Jiale Guan, Indiana University Bloomington; Luyi Xing, Indiana University Bloomington; Zhiyun Qian, UC Riverside.