Security Center

Welcome to the Digilock Security Center. We take security seriously and are continuously working to strengthen security across our products.

This page is designed to provide a destination for reporting and addressing security notices regarding Digilock products. When vulnerabilities are reported, we immediately begin working to identify, analyze and respond to known vulnerabilities.

Digilock Security Advisories

Security Concern: Data extraction from Digilock locks and electronic keys

Digilock has become aware of efforts by a security researcher to identify and access vulnerabilities in its legacy locks. These efforts reportedly began in 2018, and after six years, the results were only recently published. The vulnerability was only identified after significant efforts including, for example, dissecting the locks and the keys at a component level, soldering wires to the various boards and chips, and creating a custom circuit board.

Exploitation of the vulnerability requires access to and disassembly of a Digilock lock installed at a customer site. Audit trail data and the end user four-digit PIN code may be extracted, and the site-specific electronic key may be duplicated. The duplicated key can easily be overridden and rendered inoperable by implementing a substitute manager key.

Additional security implementation(s) on locks currently available for purchase may include:

• Implementation of code protection on additional data blocks;
• Additional encryption of data communicated between lock and key; and
• Additional encryption of EEPROM data at rest.

There is no evidence that this vulnerability has ever been exploited at an existing customer site. If you would like to discuss this further, please contact your Digilock representative.