Buying a smart lock might be a dumb investment

Buying a smart lock might be a dumb investment

We’ve known for some time that the Internet of Things (IOT) was basically a connected dumpster fire. Time and time again, these connected devices have proven that, while convenient, they aren’t necessarily safe. In fact, many manufacturers have a rather apathetic view on security, which leads to a lack of trust in connected products.

Smart door locks are no exception.

Two different presentations at hacker conference DEF CON this year make it clear there’s a long way to go before the convenience of a smart lock properly aligns with user safety.

Anthony Rose and Ben Ramsey, from Merculite Security, proved that connected door locks are every bit as vulnerable as their analog counterparts — or even more so — with $200 worth of off-the-shelf hardware. While it’s clear that not all smart locks are created equal, the duo tested 16 locks from top manufacturers like iBluLock, Masterlock, and August — 12 of the 16 failed.

August-open-phone

Some, like Quicklock, iBluLock and Plantraco, transmitted passwords in plaintext, making them vulnerable to anyone sniffing Bluetooth traffic.

Others, like Lagute, Vians and Ceomate were vulnerable to a replay attack, which is simply snatching the signal out of the air when a legit user locks/unlocks and then re-using it after they leave. Replay attacks, it should be noted, have been around for decades and were commonly used to open garage doors. The idea that a decades-old vulnerability exists on modern smart locks is nothing short of mind boggling.

That said, some — like the August door lock we reviewed in April — held up admirably and didn’t allow the hackers to gain access. But then again, you can’t argue with results, and 12 of 16 locks having easily-exploitable vulnerabilities certainly doesn’t leave us with a feeling of confidence when buying a smart lock.

‘Smart’ locks yield to simple hacker tricks on TechCrunch

Read next: Netflix's super simple speed test tool is now available on Android and iOS

Corona coverage

Read our daily coverage on how the tech industry is responding to the coronavirus and subscribe to our weekly newsletter Coronavirus in Context.

For tips and tricks on working remotely, check out our Growth Quarters articles here or follow us on Twitter.