Recently, Armis Labs discovered a new Bluetooth threat. We’ve received many questions and concerns over the security of your connected devices, so we hope this post helps answer those questions. In short, your Kwikset devices that use Bluetooth technology, namely Kevo and Premis devices, are secure and are not at risk of attack from the BlueBorne threat.

Kevo and Premis are Secure

The BlueBorne attack unveiled 8 vulnerabilities in the Bluetooth product stack, one of which affects “Bluetooth Low Energy”. BLE technology is found in Kevo and Premis; however, the specific BLE service that is affected, called LEAP, is not used in Kevo or Premis. Kevo and Premis devices remain secure and unaffected by the recent discovery of BlueBorne by Armis Labs.

What is BlueBorne?

BlueBorne is an attack by which hackers are able to use Bluetooth connections to penetrate and control a target device. BlueBorne can affect computers, phones, and IoT devices, all without the device owner’s knowledge. The BlueBorne attack is spread “through the air” via Bluetooth, making it highly infectious to connected devices. Also, because Bluetooth processes generally have high privileges on operating systems, this type of attack is very desirable to potential hackers.

Learn more in a short video from Armis Labs:

What you should do:

Although your locks are secure, please make sure that your connected devices are updated to the latest OS or firmware. Apple, Google*, Microsoft, and Linux have all released security updates to their devices to minimize the BlueBorne threat. In addition to updates, you can take these steps to further protect yourself:

  • Set a secure lock screen.
    • Adding a secure lock screen, like a password, pin, or fingerprint, means a hacker would need to break through that security layer before they access your device.
  • Watch your screen
    • If your screen turns on, it’s best to check it and see why.
  • Turn off Bluetooth when you’re not using it.
    • Although this may seem extreme, experts suggest turning off Bluetooth to completely prevent this type of attack on your mobile device until a patch is available from your manufacturer or carrier.

*Google issued a security update patch and made that patch available to their partners on August 7th, 2017, but it is up to Google Partners (think Samsung or LG) to implement those patches on devices. If your device is manufactured by Google (Pixel and Nexus devices) you are likely protected. To check if your device is at risk, you can download the Armis BlueBorne Scanner App from Google Play.

If you have any further concerns about BlueBorne or the security of your Kwikset products, please leave us a note in the comments below.