CCS22MaaGIoT

Level MaaG IoT Attack

Vulnerability Description

Level Smart Lock is vulnerable to Incorrect Access Control. By performing a malicious series of lock credential synchronization steps, a revoked tenant can continue to operate the lock.

PoC Attack

Please read Section 5.1 “Weakness 3: Inadequately Defined Causal Consistency in Access Policy Synchronization” of our paper.

CVE Number

CVE-2022-37192

Credits

Xin’an Zhou, UC Riverside; Jiale Guan, Indiana University Bloomington; Luyi Xing, Indiana University Bloomington; Zhiyun Qian, UC Riverside.