Skip to main content

DEF CON attendee finds 75 percent of Bluetooth smart locks are open to hacks

bluetooth smart locks easily hackable 39577996 ml
Alexander Kirch/123RF
At this year’s annual DEF CON hacking conference in Las Vegas, a duo of researchers made the startling discovery that roughly 75 percent of Bluetooth-powered Low Energy smart locks are susceptible to hacks. What’s arguably a touch more unsettling than the researchers’ findings, however, is the fact the manufacturers of these at-risk locks — companies like Ceomate, Vians, Quicklock, and others — didn’t seem overly concerned their products contained such holes. Considering a large part of smart home innovation is geared toward making homes safer, these findings certainly won’t be attracting new customers anytime soon.

While attending the DEF CON conference last week, electrical engineer and smart home researcher Anthony Rose took to the task of testing 16 different Bluetooth smart locks. Along with research partner Ben Ramsey, the duo found that 12 of the reviewed locks featured at least some amount of wireless access when attacked. Furthermore, Rose and Ramsey say that the difficulty of successfully hacking each product was various, as some proved to be rather easy to access while others boasted a slightly harder barrier for entry.

The August Smart Lock
August

“We figured we’d find vulnerabilities in Bluetooth Low Energy locks, then contact the vendors,” Rose told Tom’s Guide. “It turned out that the vendors don’t really care. We contacted 12 vendors. One one responded, and they said, ‘We know it’s a problem, but we’re not gonna fix it.'”

Obviously, a statement of that nature is particularly troubling, though it’s the actual vulnerabilities Rose and Ramsey found that are especially damning to the companies involved. Of the 12 locks boasting security holes, four of them willingly sent a user’s password — in plain text — to a smartphone, meaning someone who knows their way around a Bluetooth sniffer wouldn’t have to struggle much to obtain a critical password. Additionally, Rose and Ramsey reported that Quicklock’s Doorlock and Padlock models even offered to send the password multiple times, allowing them to change the password and effectively cut off access to the original owner.

“Vendors prioritize physical robustness over wireless security,” Rose added. “Our recommendation to anyone who owns one of these smart locks is to turn off Bluetooth on the smartphone when it’s not in use.”

Though a few of the manufacturers with hacked locks claim they encrypt a user’s password when it’s transmitted via Bluetooth, Rose and Ramsey still reported having the ability to swipe the password out of thin air before sending it back to the lock itself. By doing this, the smart lock would then unlock itself without the original owner knowing or either of the researchers needing to decrypt and encrypted password.

So who passed the test? According to the pair of researchers, models released by August and Kwikset boasted enough security — i.e., no hard-coded passwords, proper encryption, and two-factor authentication — to pass as somewhat secure. It is worth noting that a different researcher at DEF CON claims to have hacked the August Smart Lock so, take Rose and Ramsey’s pseudo-seal of approval with a grain of salt.

Editors' Recommendations

Rick Stella
Former Digital Trends Contributor
Rick became enamored with technology the moment his parents got him an original NES for Christmas in 1991. And as they say…
Lockly Flex Touch ditches the bulk in favor of a slimmer fingerprint smart lock
Lockly Flex Touch

The key to a smart lock is ease of use. Everyone wants to be able to get into their homes more easily, especially while carrying an armload of groceries, but no one wants to sacrifice security for convenience. The new Lockly Flex Touch smart lock provides the best of both worlds with easy entry and installation while maintaining strong security due to its 3D biometric fingerprint reader.

The Flex Touch allows up to 99 different fingerprints to be stored on a single lock, so that all members of your household, your extended family, and probably all of your friends could have easy entry into the home if you wanted. That's a lot of fingerprint storage. If you wanted to transmit all of these entries to another lock, you can do so through Lockly's secure eDuplicate system.

Read more
New Level smart lock may be the smallest ever made, but it has tons of features
level fashions smallest smart lock ever made copy of iphone

If there's one smart lock feature that stands out -- aside from the smarts -- it's the size. Most smart locks are large and bulky, even if they do have nice designs. Level aims to change that with the newly announced Level Lock, the smallest smart lock ever made. It's the next iteration of the company's first model, the Level Bolt smart lock that came out in 2019.

The Level Lock takes everything about that disruptive lock and miniaturizes the components, all while still retaining the look of your standard lock. It manages this smaller size by hiding the majority of the necessary technology inside the door. In a way, this adds extra security. It also hides the fact that you own a smart lock while keeping aesthetics in mind. The Level Lock is available in matte black, satin nickel, satin chrome, and polished brass.

Read more
7 things you didn’t know a smart lock could do
August Wi-Fi lock being installed

Innovative, easy to install (in most cases), and engineered for your peace of mind, smart locks have quickly become a major staple in the world of residential home security. While some smart lock features, such as on-the-go monitoring and remote locking/unlocking are standard functions that most consumers will expect from their new gear, box-art and brand website specs are merely the surface level. Putting things another way: Smart locks are capable of so much more.

Whether you own a smart lock of your own (or several), are considering purchasing one, or want to learn more about them, we've put together this guide to aim the spotlight on some of the lesser-known powers of today's leading smart locks. The rusted cylinders and deadbolts on our front doors have never looked so pitiful.
Automatic locking/unlocking

Read more