You Don’t Need to be so Smart to Hack a ‘Smart’ Lock

Dror Liwer

The Internet of Things has only just begun but it is quickly gaining momentum. Connected devices are becoming an integral part of our everyday lives. As we become reliant on them, it becomes increasingly difficult to secure the devices. Hackers only need to gain one point of entry to compromise your home and even your work network.

As consumers purchase IoT devices to replace banal items in the home, their newfound usability quickly outweighs any security implications. On the whole, consumers of connected baby monitors and doorbells did not give a second thought to the safety of these items, and they weren’t the only ones surprised when hackers used them to infiltrate their home networks with dire consequences. Baby monitors and doorbells are one thing. Locks, however, are by their very nature required to be safe. Good fences make good neighbors, and strong locks make the best guard-dogs. ‘Smart’ locks (Bluetooth-enabled locks that open at the touch of an app) aren’t strong at all. They’re easy to hack, and in some cases they’re even easier to physically pick than traditional locks. You know, the ones with a lock and key….


A Good Hacker Can Already Pick Most Locks

Hackers and locks are a storied combination. Most good hackers (either white hats or black hats) will deliberately cultivate a lock-picking hobby on the side. The physical activity of picking a lock is apparently a wonderful analogue for the mostly mental activity of hacking a secure system. Plus, if you’re a hacker or a penetration tester, it’s a lot easier to crack open a computer system after you’ve broken into its physical location.

For this reason, any hacker worth their salt is probably going to laugh when confronted by a smart lock—they know two ways to open it up! Worse still, digitally hacking one of these locks takes far less than a high level of skill.


How to Hack a Smart Lock

Most hackers will try to go for the digital route first, which leaves no physical traces of forced entry. Here’s a pretty detailed tutorial describing how one security researcher was able to hack a popular model of smart lock. This kind of lock gets fitted over an existing deadbolt, and is opened using an iOS or Android app.

The hacker describes the process of dismantling the application that controls the lock. First, they find the encrypted directory that stores the information which allows the application to authenticate itself with the lock. Then, they figure out the way that the application communicates with the manufacturer’s servers.

Using this information, they were able to rewrite the application in a way that allowed it to identify itself as a “guest,” and open not just a particular lock, but any lock made by the smart lock manufacturer. Even worse, the researcher was able to use the signature of the traffic between the locks and the manufacturer to physically locate any smart lock of that brand within range of their cellphone.
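The article does not spell out the root cause, so the following is an added example (not code from this post or from the researcher's write-up) of the general class of flaw it describes, assuming a backend that trusts the role the app declares, shown beside a check that binds each guest grant to one lock and one user. All function names, ids and the key are constructed for illustration.

```python
import hashlib
import hmac
import json
import time

SERVER_KEY = b"constructed-demo-key"  # constructed; a real service loads this from a secrets store

def _tag(lock_id, user_id, expires_at):
    # JSON list encoding keeps field boundaries unambiguous before signing
    msg = json.dumps([lock_id, user_id, expires_at]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_guest_grant(lock_id, user_id, expires_at):
    """Owner-approved grant, scoped to one lock and one user, signed by the server."""
    return {"lock_id": lock_id, "user_id": user_id,
            "expires_at": expires_at, "tag": _tag(lock_id, user_id, expires_at)}

def authorize_weak(request):
    """Flawed pattern: the server believes whatever role the client sends."""
    return request.get("role") in ("owner", "guest")

def authorize_hardened(request, now=None):
    """Allow only with a server-signed, unexpired grant naming this lock and user.

    Assumes request["user_id"] comes from the authenticated session, not the app.
    """
    now = time.time() if now is None else now
    grant = request.get("grant") or {}
    expected = _tag(grant.get("lock_id"), grant.get("user_id"), grant.get("expires_at"))
    if not hmac.compare_digest(expected.encode(), str(grant.get("tag", "")).encode()):
        return False  # missing, forged or edited grant
    if grant["expires_at"] <= now:
        return False  # guest access has lapsed
    return (grant["lock_id"] == request.get("lock_id")
            and grant["user_id"] == request.get("user_id"))

# Constructed sample requests
GRANT_A = issue_guest_grant("lock-A", "guest-1", 2000)
SELF_DECLARED = {"role": "guest", "lock_id": "lock-B", "user_id": "guest-1"}
VALID = {"lock_id": "lock-A", "user_id": "guest-1", "grant": GRANT_A}
WRONG_LOCK = {"lock_id": "lock-B", "user_id": "guest-1", "grant": GRANT_A}
EDITED = {"lock_id": "lock-B", "user_id": "guest-1",
          "grant": dict(GRANT_A, lock_id="lock-B")}

if __name__ == "__main__":
    for name, req in [("self-declared", SELF_DECLARED), ("valid", VALID),
                      ("wrong lock", WRONG_LOCK), ("edited grant", EDITED)]:
        print(name, authorize_weak(req), authorize_hardened(req, now=1000))
```

The weak check accepts the self-declared guest for any lock; the hardened check accepts only the grant the server issued, and only for the lock and user it names.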


The Bad News Gets Worse

Selecting another manufacturer’s brand of lock won’t make you safe. A recent demo at DEF CON 2016 showed that essentially any brand of smart lock is vulnerable to similar forms of attack. If those attacks don’t work, physical forms of attack work almost as well.

In fact, smart locks are easier to physically penetrate than ordinary locks without digital enhancements. Here’s a video of a man breaking through a Bluetooth door lock with tools no more sophisticated than a hammer and screwdriver. Here’s an article about how you can pick a $90 Bluetooth padlock with a shim made out of a $2.50 aluminum can. These locks aren’t just digitally insecure—they’re physically flimsy.
