Security or Major issue at minimum (Lock Bolt)

Wyze Lock Bolt:

I just found what I feel is a MAJOR security issue or at very least MAJOR problem.

I have a bunch of pre made codes so when my AirBnB guests come I can give them a code when I am away and not home that will work. I then remove that code when I come home.

Once a week or so I also pre setup codes for all my future guests and those codes are only valid on checkin and checkout dates.
This allows me to then schedule messages to my guests.

What happen today was that I could not connect to the Wyze Lock and whatever I did it would not connect.
So like my Cameras that have done this before I pressed the button on the back and reconnected the lock. This is where the issue comes.
All my pre done codes for my guests are gone, everything on the lock was reset.

WHY???

SECURITY ISSUE!!!
What is stopping a guest doing the same thing and wipping out all my codes and locking ME out of my home??? Maybe my last guests did this even? How do I findout if it was reset last night by my guests.

I am VERY concerned of this issue and really need some help!

Looks like normally factory resetting the Lock Bolt requires app access to delete the device from the app…however I found this warning about an exception:

Warning: If you press the pairing button and take out the battery during the pairing period, the Wyze Lock Bolt will delete everything stored in the device (all users and settings). Don’t try pairing and power cycling at the same time. Wait for re-pairing to finish first.

So that may be what happened here for some reason.

Thanks for that. So looks like I found a new loophole somehow, as part of my trying to get it to work I opend door (manually) locked door and then finger print open door.

Then more bluetooth trying to connect it.
No luck so I go to add device in app says install whoch I skip of course, then pess for 3 seconds do all that process and yep 100% reset…

So what happen to me should NOT have happened is that what your saying?
It should have re paired with existing settings like I think Cameras ans such do…
In otherwords I should not have lost everything?

As long as you didn’t remove the batteries, then yes, it sounds like it should not have deleted everything. This makes me wonder like you did earlier if maybe the renters did that.

I’m guessing the logs got deleted too when it factory reset, or I would suggest connecting to it and trying to submit a log and then calling support to submit a support ticket, but I don’t know that the logs would show anything now. It might still be worthwhile to submit an official support ticket anyway just to make sure this issue gets officially logged in Wyze’s in-house tracking system. I agree that this is problematic for people who rent out properties, especially if it happened to be the only entrance to the house. That could be pretty bad and require a locksmith.

I would agree that this seems like a flaw. Generally speaking, I would expect security locks should implement reasonable tamper-proofing and safeguards.

Thanks again.
Yes did not remove batteries.
It was not fully reset by renters as my fingerprint worked to unlock before I did the re sync that ended up being a full reset.

I have submitted a log and see what they say.

1 Like