oBike Vulnerability: Bypassing Locking Mechanism via Bluetooth Low Energy Replay Attack

oBike Vulnerability: Bypassing Locking Mechanism via Bluetooth Low Energy Replay Attack

CVE-2018-16242 · LOW Severity

AV:A/AC:M/AU:N/C:N/I:P/A:N

oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.

Learn more about our Web Application Penetration Testing UK.