Tapplock Vulnerability: MAC Address-based Key Derivation in Bluetooth Low Energy (BLE) Subsystem

Tapplock Vulnerability: MAC Address-based Key Derivation in Bluetooth Low Energy (BLE) Subsystem

CVE-2018-20958 · LOW Severity

AV:A/AC:L/AU:N/C:P/I:N/A:N

The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device.

Learn more about our Web Application Penetration Testing UK.