CVE-2023-26943

Vulnerability

Yale Keyless Smart Lock v1.0 uses weak encryption mechanisms for its RFID tags, as described in the technical report [1]. The vulnerability resides in the cryptographic implementation of the RFID communication, allowing an attacker with physical proximity to the original tag to capture and clone it. Affected version: v1.0.

Exploitation

An attacker must be within physical proximity of the original RFID tag to perform the attack. By capturing the radio frequency communication between the tag and the lock, the attacker can obtain the necessary data due to the weak encryption. The technical report [1] details the specific cryptographic weaknesses that enable the cloning of the tag.

Impact

A successful attacker can create a cloned RFID tag that functions as a genuine key for the target lock. This compromises the authentication mechanism, allowing unauthorized access to the physical space secured by the lock. The attack does not require authentication or special privileges beyond physical proximity to the tag.

Mitigation

As of the publication date (2023-12-04), no official fix from Yale has been disclosed in the available references [1]. Users should consider replacing the lock with a more secure model that uses robust authentication and encryption, or apply any future firmware updates from the vendor if announced.