Chirp Systems and RealPage are aware of the recently issued CISA Advisory raising potential concerns with Chirp software. Following notification of the Advisory, we engaged with CISA administrators and conducted an internal investigation. Today, CISA formally downgraded its Risk Evaluation related to the Chirp software, concluding there are no vulnerabilities in the Chirp code base that could be used to take control of and gain unrestricted physical access to locks, doors, or gates managed by Chirp Systems.
The safety of our customers and their information is our top priority. We conduct regular penetration testing and scans of our software to ensure our solutions cannot be used by bad actors to gain unauthorized access. RealPage also provides a Responsible Disclosure Policy to give security researchers clear guidelines for conducting vulnerability discovery activities and to submit any discovered vulnerabilities to us.