Security Alert: Chirp Systems Smart Locks Expose Homes to Remote Access

by | Apr 15, 2024 | Data breaches and hacks, News

The U.S. government has issued a warning regarding a significant security vulnerability in Chirp Systems’ smart locks, affecting an estimated 50,000 homes across the country. Despite being notified of the issue over a year ago, Chirp Systems has failed to address the flaw, leaving thousands of residences at risk of unauthorized access.

 

Vulnerability Details:

  • The vulnerability stems from hard-coded credentials stored within the Chirp Access system’s source code, potentially granting unauthorized access to sensitive information.
  • Researchers, including Matt Brown from Amazon Web Services, discovered that the flaw could be exploited to remotely lock or unlock any door equipped with Chirp smart locks.
  • Although Chirp Systems was alerted to the vulnerability in March 2021, they have not collaborated with CISA to mitigate the issue, prompting concerns over the security of affected homes.

Response from Chirp Systems:

  • Chirp Systems has not responded to requests for comment, leaving affected homeowners in limbo regarding the security of their smart locks.
  • The company’s parent company, RealPage, Inc., is facing legal action from multiple U.S. states for alleged collusion with landlords to unlawfully raise rents.

Concerns and Implications::

  • The security flaw not only compromises the safety of homeowners but also highlights broader concerns about the accountability of companies in the smart home technology sector.
  • Residents relying on Chirp smart locks have limited options, as the flaw remains unaddressed, raising questions about consumer protection and corporate responsibility.

Legal Action and Investigations:

  • RealPage, Inc., the parent company of Chirp Systems, is facing lawsuits and regulatory scrutiny for its alleged role in facilitating rent inflation and creating rental monopolies.
  • Attorneys general for Arizona and the District of Columbia have filed lawsuits against RealPage, underscoring the legal ramifications of the company’s business practices.

Conclusion: The lack of response from Chirp Systems underscores the urgent need for companies to prioritize cybersecurity and promptly address vulnerabilities to protect consumers’ safety and privacy. As investigations and legal proceedings unfold, affected homeowners are advised to take precautionary measures to secure their homes against potential breaches.

Source Article :
U.S. Cybersecurity & Infrastructure Security Agency (CISA)

Cookie Consent with Real Cookie Banner