from Physical Layer Attacks
Securing the Smart-access systems from Physical Layer Attacks
Phone based locking and unlocking, also known as access management, is growing in the home and in enterprise applications.
The weakest link of this type of access management is its reliance on the phone being close to the lock/reader. Hackers can impersonate your device from just about any distance using a relay attack. LEVL solves current threats associated with smartphone-based physical access management systems and smart locks.
These systems are susceptible to a number of physical layer attacks
THE RELAY ATTACK:
An attack that establishes proximity between two devices even though the devices are out of direct communication range from each other. The relay attack is a “two-person job” – two devices are used which are connected via wireless connectivity. One is used to impersonate as the phone which communicates with the lock while the other impersonates as the lock and communicates with phone. When the connection is established (forced), all the information exchanged between the lock and the phone is merely relayed to the other end, without even needing to be decrypted or hacked. In this way, the attacker can make the system unlock even without obtaining the shared secret key or manipulating the data passed between the lock and the phone.
If the shared secret key is stored on the storage of the smartphone, malware can frequently recover it. Once the key is lost, the security of the system is compromised, and it can be used by any device that can implement the authentication algorithm to open the lock.
A “one-man job” where a relay device located near the lock communicates directly with the malware on the phone over the internet. This relay device sends advertisement packets to the malware, and the malware on the phone resumes the authentication process to the phone.