Multiple vulnerabilities were found in the eLinkSmart smart lock range. Flaws in the implementation of the locks' Bluetooth Low Energy (BLE) communication and the back-end API enable an attacker to unlock any lock within Bluetooth range, identify the location of any lock in the world, and compromise user credentials.
This blog post describes the vulnerabilities, as well as the process followed to identify them, and demonstrates the issues in action.