Smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can open them remotely.

https://web.archive.org/web/20240415235929/https://krebsonsecurity.com/2024/04/crickets-from-chirp-systems-in-smart-lock-key-leak/

The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp’s parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.

P.S. never give cybersecurity spooks clicks even after they go “freelance” or whatever

#realestate #landlords #latestagecapitalism #security #enshittification #cybersecurity @[email protected]

  • Halasham@dormi.zone
    link
    fedilink
    arrow-up
    7
    ·
    8 months ago

    Yeah, you don’t get ‘hard-coded credentials’ from some bug. This had to be intentional.