A security flaw in the smart access control system developed by Chirp Systems has raised concerns about the safety of thousands of rental homes in the U.S., allowing unauthorized remote access to smart locks. Despite notifications about the vulnerability, Chirp Systems has not taken action to address the issue.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a public advisory, warning that Chirp's phone apps, used by residents for home access, improperly store hardcoded credentials. These credentials can be exploited to remotely control any Chirp-compatible smart lock, posing a significant security risk. The severity of the vulnerability, rated 9.1 out of 10, highlights its potential for exploitation with low complexity and remote access capabilities.
Despite efforts from security researcher Matt Brown, who identified the flaw in March 2021, and notifications from CISA, Chirp Systems has not responded to address the issue. This inaction leaves smart locks connected to Chirp systems vulnerable to unauthorized access, potentially compromising the security of affected homes.
Chirp Systems' integration of keyless access controls with smart home technologies has gained popularity among rental companies like Camden Property Trust, which planned to deploy Chirp-connected smart locks across tens of thousands of units. However, it remains unclear whether affected properties are aware of the vulnerability or have taken corrective measures.
Chirp Systems, acquired by RealPage in 2020 and subsequently by Thoma Bravo, has yet to acknowledge the security concerns or provide assurances regarding resident safety. RealPage and Thoma Bravo have faced legal challenges over other issues, but they have not addressed the vulnerabilities in the acquired software or indicated plans to notify affected residents.
The lack of response from Chirp Systems and its parent companies raises questions about accountability and resident safety in the property tech sector. With the increasing adoption of smart home equipment in rental properties, ensuring robust security measures and prompt response to vulnerabilities is essential to safeguard residents' privacy and security.
No comments:
Post a Comment