Predictable BLE session keys in Marisol smart deadbolts
BoltLink Pro deadbolts derive their per-session BLE encryption key from a 16-bit pairing nonce seeded by the device uptime counter. A 16-bit nonce admits at most 65,536 candidate keys, so the effective keyspace collapses to something an attacker can search offline, enabling a proximity replay attack.
- Vendor: Marisol Access
- Product: BoltLink Pro (2024–2025 hardware rev C)
- Severity: High · CVSS 8.1
- Target: Consumer IoT
- Disclosed:
- Status: Mitigation available — rev D hardware unaffected
Overview
BoltLink Pro pairs with a companion phone app over Bluetooth Low Energy. Each session negotiates a fresh AES-128 key, which on paper is sound: a 128-bit key cannot be brute-forced.
In practice the nonce that seeds key derivation is read from a free-running uptime timer at the moment of pairing. The timer is only 16 bits wide, so the nonce, and with it the derived key, can take at most 65,536 values; because the lock reboots predictably, the uptime at pairing clusters in a narrow band and the realized keyspace is smaller still. The cipher's 128-bit key length is irrelevant once the key is a deterministic function of a 16-bit input.
Attack
An attacker within BLE range records a single unlock exchange, then walks the constrained nonce space offline: for each candidate nonce, derive the key and test it against the captured traffic until the recorded frame authenticates. On rev C hardware we recovered the session key in under four minutes on a laptop, which is enough to replay, or re-issue with a fresh counter, the unlock command.
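The derivation weakness from the Overview and the offline search from the Attack section, as an added illustration that is not the vendor's firmware or the advisory's own tooling. The KDF label, the frame layout (counter, command, truncated HMAC tag standing in for the AEAD's authentication), the millisecond uptime unit and every sample value are assumptions; the only property carried over from the page is that the key is a deterministic function of a 16-bit uptime-derived nonce. The `strong_nonce` variant models the 128-bit TRNG-sourced nonce that the Remediation section describes for rev D.

```python
"""Model of the BoltLink Pro weakness: a session key derived from a 16-bit
uptime-seeded nonce, and the offline nonce search an attacker runs against
one captured exchange. Constructed illustration only: the KDF label, the
frame layout and all sample values are assumptions, not the vendor's
real protocol."""
import hashlib
import hmac
import os
import struct

KDF_LABEL = b"boltlink-session-v1"   # assumed public constant, not a secret
WEAK_NONCE_BITS = 16                 # rev C: truncated uptime counter
KEY_LEN = 16                         # 128-bit key, as for AES-128
TAG_LEN = 8                          # modelled authentication tag length


def derive_session_key(nonce: bytes) -> bytes:
    """Assumed KDF. Every input other than the nonce is public, so the key
    carries exactly as much entropy as the nonce, however long the key is."""
    return hmac.new(KDF_LABEL, nonce, hashlib.sha256).digest()[:KEY_LEN]


def weak_nonce(uptime_ms: int) -> bytes:
    """Rev C behaviour as the advisory describes it: the free-running uptime
    counter sampled at pairing, 16 bits wide (millisecond units assumed)."""
    return struct.pack(">H", uptime_ms & 0xFFFF)


def strong_nonce() -> bytes:
    """Fixed behaviour modelled as 128 bits from the OS CSPRNG, standing in
    for the rev D on-die TRNG."""
    return os.urandom(16)


def tag_unlock_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Modelled unlock frame: counter || command || truncated HMAC tag.
    The tag stands in for the AEAD's authentication; the keyspace argument
    does not depend on which cipher protects the frame."""
    body = struct.pack(">I", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def verify_unlock_frame(key: bytes, frame: bytes) -> bool:
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return hmac.compare_digest(expected, tag)


def recover_key_from_capture(frame: bytes, nonce_bits: int = WEAK_NONCE_BITS):
    """The offline step: derive the key for every possible nonce and keep the
    one that authenticates the recorded frame. 2**16 candidates finish in
    well under a second on a laptop; 2**128 would never finish."""
    nonce_len = (nonce_bits + 7) // 8
    for candidate in range(1 << nonce_bits):
        nonce = candidate.to_bytes(nonce_len, "big")
        key = derive_session_key(nonce)
        if verify_unlock_frame(key, frame):
            return nonce, key
    return None


def forge_unlock(recovered_key: bytes, counter: int) -> bytes:
    """With the session key in hand the attacker is no longer limited to a
    verbatim replay: any counter value can be authenticated."""
    return tag_unlock_frame(recovered_key, counter, b"UNLOCK")


def demo() -> bool:
    # Constructed scenario: lock paired 37.5 s after boot, the phone sent one
    # unlock, and the attacker recorded it from within BLE range.
    lock_key = derive_session_key(weak_nonce(37_500))
    captured = tag_unlock_frame(lock_key, counter=1, command=b"UNLOCK")
    hit = recover_key_from_capture(captured)
    if hit is None:
        return False
    _, recovered = hit
    # The lock accepts a forged frame with a fresh counter: full compromise.
    return verify_unlock_frame(lock_key, forge_unlock(recovered, counter=2))


if __name__ == "__main__":
    print("session key recovered and forged unlock accepted:", demo())
    print("candidate keys, rev C 16-bit nonce:", 1 << WEAK_NONCE_BITS)
    print("candidate keys, 128-bit nonce:", 1 << (8 * len(strong_nonce())))
```

The search tests each candidate against the recorded frame's authentication tag, so a single capture suffices; it needs no interaction with the lock and no knowledge of when the lock last rebooted, although a predictable reboot schedule lets an attacker order the candidates and finish even sooner. Swapping `weak_nonce` for `strong_nonce` leaves every other line unchanged and raises the search from 2^16 to 2^128 derivations, which is the whole content of the rev D fix.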
Remediation
Rev D hardware sources the nonce from the on-die TRNG and is unaffected. For rev C, Marisol issued a firmware update that mixes accelerometer entropy into derivation; owners should also disable auto-unlock-on-approach.
Disclosure timeline
- Initial report to Marisol security
- Triaged, rev C confirmed affected
- Firmware mitigation released
- Public advisory