KeyWe Smart Lock unauthorized access and traffic interception
Found on F-Secure on Friday, 13 December 2019
The KeyWe smart lock suffers from multiple design flaws resulting in an unauthenticated - potentially malicious - actor being able to intercept and decrypt traffic coming from a legitimate user.
There are no mitigations for the issue at the time of writing. The only workaround, although inconvenient for the end user, is to pair a mobile device that will be kept as far from the lock as possible and to use a physical key/touchpad only.
Always remember: 99% of the products which claim to be "smart" are just really, really dumb; and useless.