The Kwikset Aura Smart Lock suffers from multiple vulnerabilities that allow a malicious access sharee (e.g., a tenant user) to retain permanent access to the lock, and to escalate her privilege to OWNER.
Please read Sections 4.1 and 4.2: “Weakness 1: Semantic Loss in AMT” and “Weakness 2: Asymmetric and Misplaced Security Responsibilities”.
We reported the issues to the vendor in a timely manner. Unfortunately, we still did not manage to obtain any clearance from the vendor to release a CVE.
Xin’an Zhou, UC Riverside; Jiale Guan, Indiana University Bloomington; Luyi Xing, Indiana University Bloomington; Zhiyun Qian, UC Riverside.