Smart deadbolt vendor issues replay-attack fix

patricks95 · December 16, 2025, 7:21pm

Anyone else deploy the v3.2 firmware a major smart deadbolt vendor pushed on Friday? In our audit this morning, the update appears to properly randomize session nonces, but I’m advising full credential re-enrollment and a quick review of door event logs from 08/28–09/10 to surface anomalies — curious if your field results and timelines align.

‌⁠‍⁠‍‍‌⁠‌‍‍⁠‍‍‍‍‌‍⁠‌‍⁠⁠‌‍⁠‌‍‍⁠‌⁠⁠‌‍⁠‌‌‍‍‌‌⁠‌‌‍‍‍‍‍⁠‍‍‌‍‍⁠‍‍⁠‍‍‍‍‌‍⁠‍‌‍‌‌‌⁠‌⁠‌‌⁠⁠‌⁠‌‌‍⁠⁠‌⁠‌‍‍‌‌‍⁠‍‍‍⁠‍‍‌‍‍‌‌‍‌‍‍⁠‍‍‍‍‌‍⁠‍‌‍‌‌‌⁠‌⁠‍‍‍⁠‍‍‌‍‌‍‍⁠‍‍‍‍⁠‍⁠⁠‍⁠‌‌⁠‌⁠‍⁠‌⁠‌‍‍‍‍⁠‍‍‌‍‍‍‍⁠‍‍‍‍⁠‌⁠‌‍⁠‌⁠‌‍⁠‍‌‌‌‌‌⁠‌‌‌‌‌⁠‌‍‌‌⁠⁠‌‍‌⁠⁠‌‌‍‌⁠‍‌‍⁠‌‌‌‌‍‍‌⁠⁠‌

d_thomas92 · December 22, 2025, 11:10pm

But we found two odd unlocks in the “08/28–09/10” window; re-enrolled and rotated API keys; anyone seeing post-update battery drain? .

‌⁠‍⁠‍‍‌⁠‌‍‍⁠‍‍‍‍‌‍⁠‌‍⁠⁠‌‍⁠‌‍‍⁠‌⁠⁠‌‍⁠‌‌‍‍‌‌⁠‌‌‍‍‍‍‍⁠‍‍‌‍‍⁠‍‍⁠‍‍‍‍‌⁠‍‌‍‌‌‌⁠‌‍⁠‌⁠‍‌‍‍‍⁠‍‍‌‍‍‌‌‍‌‍‍⁠‍‍⁠‌⁠⁠‍‌‍⁠‍‍‌‍‌‍‍⁠‍‍‍‍⁠‍⁠⁠‍⁠‌‌⁠‌⁠‍⁠‍⁠‍‍‍‍⁠‍‍‌‍‍‍‍⁠‍‍‍‍‌‌‌⁠‌‍⁠⁠‌‌‌‍⁠⁠‌‍‍⁠‌⁠‌⁠⁠‌⁠‌‍‍‍‌⁠‌‌‍‌‌‍‌‌⁠‍‌‍‍⁠‌⁠‍‍‌⁠⁠‌