Enlarge image
Abus flag at a trade fair: a manufacturer's wireless door lock has a security problem
Photo: Priller&MAUG / Priller&Maug / IMAGO
The Federal Office for Information Security (BSI) has warned against the use of the digital door lock HomeTec Pro CFA3000 from the manufacturer Abus.
The authority recommended on Wednesday to pay close attention to which variant of it is installed and to replace a specific type.
The reason: A weak point in the wireless door lock drive allows attackers who are nearby to unlock the lock and thus gain unauthorized access to buildings, offices or apartments.
However, the authority did not reveal any details about the vulnerability.
The BSI emphasized that Abus had confirmed the vulnerability and announced that the product examined was a phased-out model, which was replaced by a successor model in March 2021.
In the original model, however, the problem can no longer be eliminated because there are no update options for the customer.
However, it is not easy to identify the affected locks: With reference to Abus, the Bonn authorities write that the successor model does not differ significantly from the lock with the security problem, either visually or in terms of its name.
The date of purchase or manufacture of a HomeTec Pro CFA3000 is also not a reliable indicator of whether your own device is affected by the vulnerability "due to a lack of specific information".
The affected lock was sold in a set with a radio remote control called CFA3000.
»Recommend checking the use of alternative products«
According to Abus, you should be able to recognize the revised version of the device by the fact that it comes with a key card with a unique QR code.
In addition, the BSI quotes information from the manufacturer that the new version has a Bluetooth logo on the product and on the packaging.
Digital door locks are being used more and more frequently to protect rooms and entrance doors.
For locking and unlocking, different techniques for transmitting locking and opening signals, such as radio, are used.
On the Abus website on Thursday morning there was no indication of any security problems or how you can tell which product generation you are using on the subpage for the HomeTec Pro CFA3000.
At the request of the news agency, the company initially did not comment on the subject on Wednesday.
BSI President Arne Schönbohm said on Wednesday: "We expect that companies will not leave their customers alone with a problem of this magnitude and recommend examining the use of alternative products."
mbo/dpa
