Can Smart Locks Be Hacked? See What Security Experts Say!

Smart locks are essential gadgets for your security system and home automation. A smart lock on your front door has many benefits, such as protecting your loved ones from harm, stopping intruders from breaking in, and guarding your valuables against theft.

But are these smart locks secure? Can someone hack these locks? These two important questions are considered by everyone before getting smart locks.

So, in this read, we’ll discuss various kinds of smart locks and how they work. We will also talk about the different ways these locks get hacked and how you can prevent that from happening. Lastly, there are some tips to help you pick a secure smart lock.


How Do Smart Locks Operate?

With all their smart features, smart locks can help you a lot with your daily routine. You can manage a smart lock through Bluetooth over a short distance. If the lock is connected to a wireless network, you can also manage it remotely through your computer, the app, or your smartphone, even when you’re miles away.

The smart lock offers you hands-free access to unlock or lock your main door. This means you can let your guest in, without even getting up from your couch. The smart lock sends you a notification when it is locked or unlocked through its app. Plus, it also records all those events.

Some smart locks include a geofencing feature. This lets you set up a boundary around your place. You can set the feature to activate when your phone is detected leaving or entering the boundary.

You can also connect the smart locks to smart speakers such as Amazon Echo Dot. With the voice assistant feature, you can easily manage the smart locks with some simple voice commands.

Kinds Of Smart Locks

So when you’re looking for a smart lock, you should keep in mind that there are various kinds of smart locks available in the market. Smart locks use modern technology to work and keep your place secure, unlike the traditional locks that use a simple tumbler and key layout.

The kind of smart lock you pick should depend on which features you want for your specific use. So, let’s look into the kinds of smart locks and how they usually work.

Combination Or Keypad Locks

Combination locks, such as the Nest x Yale Lock with Nest Connect, let you program a combination code to unlock your main door. When you enter the correct code, the door unlocks because an electrical current is generated to retract the lock bolt.

Most keypad and combination locks use a combination of letters or numbers as the access code. Secure keypad locks allow only a few attempts at the access code before temporarily blocking any further attempts to unlock the door.

Fob Enabled Locks

If you haven’t heard this term yet, here’s a short description. A fob is a tiny device that is programmed to give you access to a space or building. One of the most popular examples of a fob is the one used to unlock a car door or disarm a car alarm.

It is much more convenient and easier to use in comparison to the key lock.

Radio Frequency Identification (RFID) is the technology used by fob-enabled locks. Now, what is RFID? It is a technology that uses electromagnetic fields to detect and read data stored on chips. This data is shared with the help of radio waves.

The smart locks for doors use RFID to verify or confirm that a person has authority to unlock the door.

These locks need a reader, which is built into the lock. The key fob comes with a unique code stored on a microchip or a small circuit.

The microchip transmits the code on a specific radio frequency that the reader can detect. When the reader detects a valid code, it unlocks the door.

The Samsung Digital Door Lock comes with a “double authentication” mode which needs both a combination code and an RFID tag to unlock.

Biometric and Fingerprint Locks

A biometric lock uses the unique features of the individual seeking access to decide whether or not to permit it. These features include a person’s odor, voice, fingerprints, the shape of the face, the iris or retina of the eye, or even DNA.

For domestic biometric locks, the most commonly used means of authentication is the fingerprint. The smart lock grants access to particular people by identifying their unique fingerprints.

One of the fingerprint locks is the Ultraloq U-Bolt Pro. It uses a scanner to capture the picture of the fingerprint. It turns the picture into digital data and then records that data. So, when someone attempts to get access to your door, the lock scans their fingerprint, turns it into data, and then matches it with the stored data.

When the scan matches the stored data, the lock unlocks. If it doesn’t match, the lock stays locked. Various fingerprint smart locks also have a second mode of authentication, usually a keypad.

How Do Smart Locks Get Hacked?

When a smart lock is installed properly and used correctly, it is as secure as a regular lock. Plus, with authentication features such as facial and fingerprint identification or a combination key code, smart locks might be even more secure than tumbler locks and traditional keys.

However, if the smart lock isn’t programmed or manufactured properly, then it can possess some vulnerabilities.

In 2016, Anthony Rose, a security researcher, examined around 16 Bluetooth-equipped smart locks and discovered that 12 of them had either “poorly enabled security or no security”.

The tools Rose used to hack the smart locks are budget-friendly and easy to buy: a Bluetooth sniffer such as the Ubertooth One; a high-gain antenna such as the TerraWave 15 dBi Yagi Antenna; and a Bluetooth USB dongle such as a Raspberry Pi.

Now, let’s discuss the means through which Rose hacked these smart locks.

Plain Text Passwords

Among the 12 smart locks that Rose hacked, four sent their passwords in plain text. For someone with a Bluetooth sniffer, it is very easy to capture users’ passwords and thus gain access to their place and belongings.

Rose even changed the admin password on one of the smart locks. This could lock the owner out of their place.


Replay Attacks

The other four smart locks were hacked through replay attacks. A replay attack is a method of hacking in which a valid data transmission is intercepted by the hacker and then resent or delayed to the system.

Since the information being resent is properly encrypted, the system identifies it as a correct command. Then it carries out the act, either by providing network access to the hacker or by duplicating a transaction to serve the hacker.

In the case of smart locks, the encrypted code can be captured and then resent by a hacker to gain control of the smart lock. The hacker can then reach whatever the owner was trying to protect.
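Why a correctly protected command can still be replayed, and how a fresh single-use challenge from the lock stops it, shown as an added example that is not taken from Rose’s research or from any vendor’s code. The key, the message layout and the class names are constructed for illustration, and an HMAC tag stands in for the encryption mentioned above, since the point is the same: a packet that was valid once stays valid unless the lock binds it to something fresh.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # constructed value shared by phone and lock

def tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def phone_unlock(key: bytes, challenge: bytes = b"") -> bytes:
    """Build the packet the phone sends: command followed by its 32-byte tag."""
    cmd = b"UNLOCK"
    return cmd + tag(key, challenge + cmd)

class StaticLock:
    """Accepts any correctly tagged command, so a recorded packet works forever."""
    def __init__(self, key: bytes):
        self.key = key

    def handle(self, packet: bytes) -> bool:
        cmd, mac = packet[:-32], packet[-32:]
        return cmd == b"UNLOCK" and hmac.compare_digest(mac, tag(self.key, cmd))

class ChallengeLock:
    """Issues a random challenge; a response is valid once, for that challenge only."""
    def __init__(self, key: bytes):
        self.key = key
        self.challenge = None

    def new_challenge(self) -> bytes:
        self.challenge = secrets.token_bytes(16)
        return self.challenge

    def handle(self, packet: bytes) -> bool:
        if self.challenge is None or len(packet) < 32:
            return False
        cmd, mac = packet[:-32], packet[-32:]
        expected = tag(self.key, self.challenge + cmd)
        self.challenge = None  # single use, even when verification fails
        return cmd == b"UNLOCK" and hmac.compare_digest(mac, expected)

def demo():
    static = StaticLock(KEY)
    recorded = phone_unlock(KEY)                  # the packet a sniffer would see
    static_results = (static.handle(recorded), static.handle(recorded))
    lock = ChallengeLock(KEY)
    recorded = phone_unlock(KEY, lock.new_challenge())
    first = lock.handle(recorded)                 # legitimate unlock
    lock.new_challenge()                          # next session, new challenge
    return static_results, first, lock.handle(recorded)
```

`demo()` returns the outcome for both designs: the static lock accepts the same packet twice, while the challenge lock accepts it once and rejects the resend.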

Decompiling APKs

.APK files are used to install and run application programs on the Android operating system. Hackers sometimes examine an application’s source code to check whether it contains useful clues that could give them access to the system.

This method involves decompiling the .APK file into Java code so that it is easier to read. After this, the hacker can edit the code and recompile it, or collect data to use in another hacking process.

Rose used the program named Bytecode Viewer to look at the code in a format that is readable. He discovered that one of the locks that he hacked stored its access password hardcoded within the smart lock’s app code.


Fuzzing

Fuzzing means continuously sending randomly altered input to a program to expose potential flaws or vulnerabilities. It is often used for testing and debugging; however, hackers can also use it nefariously.

Rose hacked one of those smart locks by altering the bytes in its encryption code and repeatedly sending these malformed packets to the lock. Eventually, the lock entered an error state and unlocked automatically.

Later, Rose contacted the manufacturer of that lock to tell them about this flaw. After this, the company took down its website; however, the locks are still being sold on Amazon.
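The flaw described above is a fail-open error path. The following added example, which is not Rose’s tooling or any vendor’s firmware, shows a command handler that fails closed and a small regression fuzz test a developer could run against it. The packet layout (opcode, length, payload, XOR checksum), the PIN and all function names are constructed for illustration, and the test mutates one byte per round.

```python
import hmac
import random

PIN = b"4821"                      # constructed demo value
OP_UNLOCK, OP_LOCK = 0x01, 0x02    # constructed opcodes

def checksum(body: bytes) -> int:
    c = 0
    for b in body:
        c ^= b
    return c

def build(op: int, payload: bytes) -> bytes:
    body = bytes([op, len(payload)]) + payload
    return body + bytes([checksum(body)])

def parse(packet: bytes):
    """Return (op, payload), or raise ValueError on any malformed input."""
    if len(packet) < 3:
        raise ValueError("short packet")
    body, chk = packet[:-1], packet[-1]
    op, length, payload = body[0], body[1], body[2:]
    if length != len(payload) or chk != checksum(body):
        raise ValueError("bad length or checksum")
    if op not in (OP_UNLOCK, OP_LOCK):
        raise ValueError("unknown opcode")
    return op, payload

def handle(packet: bytes, fail_open: bool = False) -> bool:
    """Return True if the bolt ends up unlocked; the lock starts locked."""
    try:
        op, payload = parse(packet)
    except ValueError:
        # fail_open=True models the flawed design: an error state releases the bolt.
        return fail_open
    return op == OP_UNLOCK and hmac.compare_digest(payload, PIN)

def fuzz(fail_open: bool, rounds: int = 2000, seed: int = 1) -> int:
    """Flip one byte of a valid packet per round; count unlocks from malformed input."""
    rng = random.Random(seed)
    valid = build(OP_UNLOCK, PIN)
    unlocked = 0
    for _ in range(rounds):
        pkt = bytearray(valid)
        pkt[rng.randrange(len(pkt))] ^= rng.randrange(1, 256)  # always differs from valid
        if handle(bytes(pkt), fail_open):
            unlocked += 1
    return unlocked
```

In a test suite, `fuzz(False)` returning anything other than 0 means a malformed packet opened the lock and the build should fail.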

Device Spoofing

Rose hacked another smart lock using a technique called device spoofing. In this technique, the hacker impersonates a device on the system to get access.

For this, Rose used the Raspberry Pi to impersonate the smart lock and fooled its cloud server into sharing the password with him. Then he entered the password into the smart lock and unlocked it.

How Can You Secure Smart Locks From Getting Hacked?

The four smart locks that Rose couldn’t hack into had some things in common. These things were 2-factor authentication, 16-20 character passwords, and reliable AES encryption.

So to secure your smart locks from getting hacked, there are some things that you can look for while getting the smart locks and some things you can do to prevent them from getting hacked.

Here are some tips for picking the most secure smart lock for your home.

Purchase Smart Locks From Genuine Companies

Most people look for the best deals and bargains on anything they purchase. However, in the case of the safety of your place, you shouldn’t sacrifice the quality of the device you install.

Yale, Nest, Kwikset, and Schlage are some of the top-notch and trustworthy brands for smart locks right now.

Some smaller and lesser-known manufacturers might not include enough safety protocols in their devices, or will attempt to build their own protocol to save costs.

This reduces the price of the device for users; however, it compromises its capacity to keep hackers out.

The Smart Lock Must Use Precise AES Encryption

Smart locks should use at least 128-bit AES encryption for every interaction they make. AES is the standard encryption method used by the United States government, and it has become the norm for most of the private sector around the globe.

The Smart Lock Must Use 2-Factor Authentication

2-Factor Authentication (2FA) requires two kinds of verification before providing access to the system. This makes things a lot more difficult for hackers.

For example, the lock may require a PIN along with a voice command, or a password in addition to the security fob, before permitting access.

The Smart Lock Should Allow The Usage Of Long Passwords

The password used in the smart lock should be long, i.e., the password should contain at least around 16 characters. Smart locks with short passwords are more exposed to hackers than the ones with long passwords.

Brute force is one of the most common methods used by hackers to crack a password. With this technique, the hacker tries various versions of passwords in the hope that one of them will gain access.

Keep Application And Software Updated

Make sure you update the apps on your phone regularly. There’s a reason behind updates: they fix newly detected security issues or improve the app’s functionality to some extent.

Check The ANSI Grade

ANSI stands for the American National Standards Institute. The ANSI grade is based on the system built by the Builders Hardware Manufacturers Association (BHMA). It deals with the hardware of the smart lock, instead of the software.

There are particular tests that a lock must undergo, and results it must meet, to get the grade. The grade rates the durability, quality, and security of the lock and is expressed as one of three grade levels.

ANSI Grade 1: This is the highest level of domestic security. The lock must withstand 1 million opening and closing sequences and endure the force of 10 strikes of 75 pounds, with a 1-inch bolt.

ANSI Grade 2: This is the intermediate level of domestic security. The lock must withstand 800,000 opening and closing sequences and endure the force of 5 strikes of 75 pounds, with a 5/8-inch bolt.

ANSI Grade 3: This is conventional residential security. The lock must withstand 800,000 opening and closing sequences and endure the force of 2 strikes of 75 pounds, with a 5/8-inch bolt.

