A keyless smart door lock made by U-tec, called Ultraloq, could allow attackers to easily pick the lock either virtually or physically. Pen Test Partners, with help from researchers identified as @evstykas and @cybergibbons, took a closer look at the keyless lock maker’s vulnerabilities. U-tec fixed the glaring API issue but has not addressed a Bluetooth Low Energy (BLE) issue that allows an attacker to easily crack the lock open with a brute-force credential attack. An additional weakness was identified in the API's lack of authentication.
Source: https://threatpost.com/smart-lock-turns-out-to-be-not-so-smart-or-secure/146091/

