Due to the lack of an update function, there is a permanent vulnerability in the wireless door lock HomeTec Pro CFA2021 from the manufacturer Abus, such as BSI warns.
The Federal Office for Information Security (BSI) is currently warning of a permanent security problem at Abus. Accordingly, the BSI is aware of a security vulnerability in the product set wireless door lock drive HomeTec Pro CFA2021 and wireless remote control CFF3000 (Radio remote control for the product CFA2021) obtained. The locks are used to lock and unlock rooms and entrance doors. Therefore, property security is at risk when using these wireless door locks.
As the BSI announced yesterday, with the Abus product set of a wireless door lock, both the wireless door lock drive HomeTec Pro CFA2021, and the associated radio remote control CFF2021 also has a security gap. Unauthorized persons nearby could use the bug to unlock. In this way, you could gain access to houses, buildings, offices, apartments or other application locations.
The product manufacturer confirmed the situation to the BSI. Abus also pointed out “that the weak point in the wireless door lock drive HomeTec Pro CFA2021 (in this product generation ) cannot be remedied because there are no update options for the customer”. The product is a discontinued model. As early as March 2021 a successor generation came onto the market, replacing the defective wireless door lock.
Consumers should pay attention to model differences
When purchasing, pay attention to the two differences listed below, which distinguish the successor model from its predecessor. As reported by the BSI, citing Abus, “the secure successor model can be recognized, among other things, by an enclosed key card with a unique QR code in each case. In addition, the product and packaging of the new version are printed with the Bluetooth logo”.
Otherwise there are no other substantial differences to the affected devices, neither visually nor through the product designation. As the BSI informs, consumers “without sufficient public information from the manufacturer Abus cannot carry out a sufficient individual assessment and assessment of the risk situation for their application of the device” . In addition, the “date of purchase or manufacture of a corresponding device is not a reliable indicator of whether it is affected by the vulnerability”.
The BSI recommends using the Abus successor model or an alternative
The BSI clarifies:
” to secure rooms and buildings, the product HomeTec Pro CFA3000 with alternative products as long as it has not been ensured that a successor generation of the Abus model has been installed. For a final assessment of individual risk situations and further assistance, consumers can contact the manufacturing company, Abus.”
BSI President Arne Schönbohm warns:
“Through weak points in such wireless door locks, the main function of the products is not only compromised, but reversed, since these security gaps can be exploited by unauthorized persons.We expect that companies will not leave their customers alone with a problem of this magnitude and recommend examining the use of alternative products.”