Abusing the Internet of Things

(Rick Simeone) #1

FIGURE 2-9. Kevo security question for password reset


The security risk here is the possibility of a malicious entity having gained temporary access to the target individual’s email account. Since the target has to set up a new account and answer the security questions on registration, the malicious entity can pick arbitrary answers to the security questions, which will in turn lock out the legitimate user from resetting the password.

The physical lock contains a program button that is easily available by lifting the indoor cover. As shown in Figure 2-11, the user must press this button and hold the phone next to the lock to allow the phone to open the lock. Once this is set up, the user needs to touch the external face of the lock to wake it up. When this happens, the lock communicates with the iPhone using BLE and unlocks (or locks) when a preprogrammed iPhone is found within the vicinity.


BLUETOOTH LOW ENERGY AND UNLOCKING VIA MOBILE APPS 53