tl;dr; My knowledge in Bluetooth LE Communication got quite rusty over time and i wanted to refresh it with an easy target the other day. I wanted to open up the lock with a simple bluetooth command but ended up having access to their entire backend database with a lot of unique users across their entire product lineup. It didn’t go as planned. The Lock and API As all BLE-Locks work, they require an App to talk to the Lock itself and an API on the company side.

Infosec Person.

Security Researcher

Germany