Kwikset fixed the flaw with an Android app update on Dec. 16, 2021. If you're a Kwikset Halo smart-lock owner or user, make sure your Android app is updated to version 1.2.11. Kwikset's iOS app did not seem to be vulnerable to this flaw, Bitdefender researchers told Tom's Guide. The malicious app would have to create pointer links that tricked the Kwikset app into exporting the AWS credentials from a protected file into an unprotected file, where the malicious app could then read them. The good news is that the Kwikset Halo Android app was otherwise pretty sound.
Source: Fox News April 06, 2022 13:37 UTC