Tapplock Vulnerability: MAC Address-based Key Derivation in Bluetooth Low Energy (BLE) Subsystem
CVE-2018-20958 · LOW Severity
AV:A/AC:L/AU:N/C:P/I:N/A:N
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device.
Learn more about our Web Application Penetration Testing UK.