Chirp Systems Chirp Access (Update C)
Monitor | 4.3 | ICS-CERT ICSA-24-067-01 | Mar 7, 2024
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Chirp Access mobile app (all versions on Android and iOS) does not properly validate or authenticate requests to modify Beacon configuration settings or disable Bluetooth functionality on non-networked door locks. An attacker with physical proximity to a Beacon could use the Chirp Access app to alter access control settings or disable the lock's wireless capability without authentication.
What this means
What could happen
An attacker with physical proximity could modify door beacon settings or disable Bluetooth lock functionality on non-networked smart doors, preventing legitimate access or allowing unauthorized entry.
Who's at risk
Facilities managers and security teams operating non-networked Chirp Access Bluetooth door locks in office buildings, hospitals, campuses, data centers, and other controlled-access environments should be aware of this vulnerability. Anyone managing physical security for buildings using Chirp Systems smart locks is affected.
How it could be exploited
An attacker within Bluetooth range of the door beacon could use the Chirp Access mobile app to reconfigure beacon settings or disable the Bluetooth radio, disrupting access control on doors that lack network-based security monitoring.
Prerequisites
- Physical proximity to door beacon (Bluetooth range, typically 10–100 meters depending on environment)
- Chirp Access app installed on Android or iOS device
- No authentication required to modify beacon settings
No authentication required | Low complexity | Requires physical proximity (Bluetooth range) | No patch available | Affects physical access control
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
Chirp Access app (Android and iOS): vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Monitor door access logs and beacon status for unexpected configuration changes or Bluetooth disablement
WORKAROUND: Contact RealPage/Chirp Systems support to inquire about interim mitigations or workarounds
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Restrict physical access to areas where Chirp Access Beacons are deployed; limit who can approach doors with non-networked beacons
Mitigations - no patch available
Chirp Access app (Android and iOS): vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: If possible, migrate to network-connected beacon systems that include logging and remote management capabilities
CVEs (1)