Skip to main content
  1. Home
  2. Smart Home
  3. News

DEF CON attendee finds 75 percent of Bluetooth smart locks are open to hacks

By

bluetooth smart locks easily hackable 39577996 ml
Alexander Kirch/123RF
At this year’s annual DEF CON hacking conference in Las Vegas, a duo of researchers made the startling discovery that roughly 75 percent of Bluetooth-powered Low Energy smart locks are susceptible to hacks. What’s arguably a touch more unsettling than the researchers’ findings, however, is the fact the manufacturers of these at-risk locks — companies like Ceomate, Vians, Quicklock, and others — didn’t seem overly concerned their products contained such holes. Considering a large part of smart home innovation is geared toward making homes safer, these findings certainly won’t be attracting new customers anytime soon.

While attending the DEF CON conference last week, electrical engineer and smart home researcher Anthony Rose took to the task of testing 16 different Bluetooth smart locks. Along with research partner Ben Ramsey, the duo found that 12 of the reviewed locks featured at least some amount of wireless access when attacked. Furthermore, Rose and Ramsey say that the difficulty of successfully hacking each product was various, as some proved to be rather easy to access while others boasted a slightly harder barrier for entry.

The August Smart Lock
August

“We figured we’d find vulnerabilities in Bluetooth Low Energy locks, then contact the vendors,” Rose told Tom’s Guide. “It turned out that the vendors don’t really care. We contacted 12 vendors. One one responded, and they said, ‘We know it’s a problem, but we’re not gonna fix it.'”

Recommended Videos

Obviously, a statement of that nature is particularly troubling, though it’s the actual vulnerabilities Rose and Ramsey found that are especially damning to the companies involved. Of the 12 locks boasting security holes, four of them willingly sent a user’s password — in plain text — to a smartphone, meaning someone who knows their way around a Bluetooth sniffer wouldn’t have to struggle much to obtain a critical password. Additionally, Rose and Ramsey reported that Quicklock’s Doorlock and Padlock models even offered to send the password multiple times, allowing them to change the password and effectively cut off access to the original owner.

“Vendors prioritize physical robustness over wireless security,” Rose added. “Our recommendation to anyone who owns one of these smart locks is to turn off Bluetooth on the smartphone when it’s not in use.”

Though a few of the manufacturers with hacked locks claim they encrypt a user’s password when it’s transmitted via Bluetooth, Rose and Ramsey still reported having the ability to swipe the password out of thin air before sending it back to the lock itself. By doing this, the smart lock would then unlock itself without the original owner knowing or either of the researchers needing to decrypt and encrypted password.

So who passed the test? According to the pair of researchers, models released by August and Kwikset boasted enough security — i.e., no hard-coded passwords, proper encryption, and two-factor authentication — to pass as somewhat secure. It is worth noting that a different researcher at DEF CON claims to have hacked the August Smart Lock so, take Rose and Ramsey’s pseudo-seal of approval with a grain of salt.

Editors’ Recommendations

Topics
Rick Stella
Rick Stella
Former Digital Trends Contributor
Rick became enamored with technology the moment his parents got him an original NES for Christmas in 1991. And as they say…
Aqara launches U100 smart lock with full Apple HomeKit support
A person unlocking the Aqara U100 smart lock with their phone.

The list of smart locks that support Apple HomeKit isn’t quite as impressive as those of Google Home and Alexa, but Aqara has officially added one more to the list with the Aqara Smart Lock U100. Clocking in at $190 and now available on Amazon, the premium smart lock offers full support for Apple HomeKit -- along with tons of cool features that should position it as a top option for smart home enthusiasts.

As you’d expect, the Aqara U100 comes with a keypad that lets you enter a passcode to unlock the deadbolt. However, you’ll also find a fingerprint scanner that can hold up to 50 unique prints and the option to set up Apple home keys to unlock it with your Apple Watch or iPhone. Aqara also tossed in a physical key in case of emergencies.

Read more
Smart lock buying guide
Side profile view of August smart lock on a door.

Smart locks are an important part of any smart home. Not only do they give you useful features like the ability to unlock the door with a passcode or remotely with your smartphone, but they’re the first thing visitors see when coming to your home. Because of this, smart locks need to be both functional and appealing to the eye.

That’s a tall order for what’s essentially just a lock -- but there are tons of great products to consider in 2023. But if you need some help with your search, this smart lock buying guide will teach you what a smart lock is, factors you should consider when shopping for a smart lock, and everything else you need to know about these popular gadgets.
What is a smart lock?
A smart lock is not all that different from a traditional lock. What makes it smart is typically a Wi-Fi connection that allows you to link the physical lock to a companion app. The app allows for activities like remote access, geo-location features (to have your door unlock automatically when you pull into the driveway, for example), and even creating digital passkeys for other family members, friends, contractors, or visitors.

Read more
Lockly smart lock adds voice controls, fingerprint sensor to existing deadbolts
The Lockly Flex Touch Pro installed on an existing deadbolt.

Lockly seems to have kept renters in mind with its latest product, the Flex Touch Pro. Unlike most traditional smart locks, this one doesn’t require you to install a new deadbolt -- yet still manages to add both voice controls and a fingerprint scanner to your front door.

The Flex Touch Pro was revealed during CES 2023 and is scheduled to be released in the first quarter of 2023 with a price tag of $230. That pricing puts it right in the middle of the smart lock market, although its retrofitting design and impressive biometric features should make it an appealing option for both renters and homeowners. The product comes with three unique frames to offer a nearly universal fit and supports Wi-Fi for remote access, letting you check in on the status of your door regardless of where you are.

Read more