A wireless door lock from the German manufacturer Abus is not secure, warns the Federal Office for Information Security. Attackers could outwit the lock and gain access to buildings and apartments. Abus has confirmed the vulnerability.
BSI warning: Abus door lock unsafe
In a statement, the Federal Office for Information Security (BSI) warns against the use of the Wireless door lock “HomeTec Pro CFA3000” from the manufacturer Abus.
According to information from the BSI, which has now also been confirmed by Abus, both the digital lock and the associated radio remote control have a weak point. This could be used by unauthorized persons to unlock the wireless door lock to unlock without authorization. To do this, however, attackers must be physically close to the door lock, so a remote attack is not possible.
The BSI did not give any details. Where exactly the Vulnerability in the digital lock can be found remains open. In general, the BSI only issues warnings if the manufacturer has previously taken “no or insufficient measures against the threat”.
Abus points out that the “HomeTec Pro CFA3000” is a discontinued model. Customers are advised to replace the wireless door lock. A successor to the product has been available since March 2021, which is safe. Customers can identify the new door lock by the enclosed key card with a QR code printed on it. There is also a Bluetooth logo on the packaging and the door lock itself.
This is how Abus advertises the wireless door lock:
BSI President: Don’t leave customers alone
BSI President Arne Schönbohm expects customers at “a problem of this magnitude” cannot be left alone by the manufacturer (source: BSI). The insecure Abus door lock showed once again that sustainable, successful digitization can only succeed with information security.