Security gap: Wireless door locks from Abus can be hacked

Critical security gap in the HomeTec Pro CFA3000 wireless door lock from Abus. The contactless lock can be easily hacked and thus allows unauthorized persons access to the house or apartment of the owners.

Abus HomeTec Pro CFA3000 with critical security vulnerability

The German Federal Office for Information Security (BSI) has published a warning informing about a critical security vulnerability in the HomeTec Pro CFA3000 wireless door lock from manufacturer Abus.

Unauthorized persons could use this vulnerability to gain access to the house or apartment of the owners from the immediate vicinity and lock and unlock the door lock. According to current knowledge, devices of the wireless door lock HomeTec Pro CFA3000, as well as the enclosed wireless remote control CFF3000 from Abus are affected.

BSI recommends immediately dismantling the corresponding wireless door lock and replacing it with an alternative product.

Manufacturer Abus knows about the security gap

An explosive detail: according to the BSI report, manufacturer Abus is already aware of the security vulnerability. Moreover, the vulnerability could not be easily remedied, since the lock of the type HomeTec Pro CFA3000 does not provide for any update options for end users.

In addition, it is a discontinued model, which was already replaced in March 2021 by the successor generation HomeTec Pro Bluetooth CFA3100 (currently 195.00 euros at Amazon).

“The successor model, however, differs neither visually nor by its designation substantially from the affected devices,” warns the Federal Office for Information Security. Since concrete information is missing here, the date of purchase or manufacture is not a reliable indication that this is not affected by the vulnerability.

However, manufacturer Abus notes that the newer model can be distinguished by the Bluetooth logo on the product, as well as by a “physical QR code card, which is included with the product,”.

However, the BSI criticizes that an individual evaluation and weighing of potentially associated dangers is not possible in sufficient form for users of the wireless door lock without sufficient public information.

In any case, the market offers several alternatives to smart door locks. Huawei introduced the Smart Lock Pro including 3D facial recognition and fingerprint sensor in March. Xiaomi followed up with the Smart Door Lock M20 without a latch in June, while the Nuki Smart Lock 3.0 Pro with many improvements was launched shortly after.