DEF CON attendee finds 75 percent of Bluetooth smart locks are open to hacks

bluetooth smart locks easily hackable 39577996 ml
Alexander Kirch/123RF
At this year’s annual DEF CON hacking conference in Las Vegas, a duo of researchers made the startling discovery that roughly 75 percent of Bluetooth-powered Low Energy smart locks are susceptible to hacks. What’s arguably a touch more unsettling than the researchers’ findings, however, is the fact the manufacturers of these at-risk locks — companies like Ceomate, Vians, Quicklock, and others — didn’t seem overly concerned their products contained such holes. Considering a large part of smart home innovation is geared toward making homes safer, these findings certainly won’t be attracting new customers anytime soon.

While attending the DEF CON conference last week, electrical engineer and smart home researcher Anthony Rose took to the task of testing 16 different Bluetooth smart locks. Along with research partner Ben Ramsey, the duo found that 12 of the reviewed locks featured at least some amount of wireless access when attacked. Furthermore, Rose and Ramsey say that the difficulty of successfully hacking each product was various, as some proved to be rather easy to access while others boasted a slightly harder barrier for entry.

The August Smart Lock
August

“We figured we’d find vulnerabilities in Bluetooth Low Energy locks, then contact the vendors,” Rose told Tom’s Guide. “It turned out that the vendors don’t really care. We contacted 12 vendors. One one responded, and they said, ‘We know it’s a problem, but we’re not gonna fix it.'”

Obviously, a statement of that nature is particularly troubling, though it’s the actual vulnerabilities Rose and Ramsey found that are especially damning to the companies involved. Of the 12 locks boasting security holes, four of them willingly sent a user’s password — in plain text — to a smartphone, meaning someone who knows their way around a Bluetooth sniffer wouldn’t have to struggle much to obtain a critical password. Additionally, Rose and Ramsey reported that Quicklock’s Doorlock and Padlock models even offered to send the password multiple times, allowing them to change the password and effectively cut off access to the original owner.

“Vendors prioritize physical robustness over wireless security,” Rose added. “Our recommendation to anyone who owns one of these smart locks is to turn off Bluetooth on the smartphone when it’s not in use.”

Though a few of the manufacturers with hacked locks claim they encrypt a user’s password when it’s transmitted via Bluetooth, Rose and Ramsey still reported having the ability to swipe the password out of thin air before sending it back to the lock itself. By doing this, the smart lock would then unlock itself without the original owner knowing or either of the researchers needing to decrypt and encrypted password.

So who passed the test? According to the pair of researchers, models released by August and Kwikset boasted enough security — i.e., no hard-coded passwords, proper encryption, and two-factor authentication — to pass as somewhat secure. It is worth noting that a different researcher at DEF CON claims to have hacked the August Smart Lock so, take Rose and Ramsey’s pseudo-seal of approval with a grain of salt.

Smart Home

Voice assistant-enabled Deebot N79S robot vacuum now deeply discounted

The Ecovacs Deebot N79 is more powerful and quieter than its predecessor and adds Amazon Alexa and Google Assistant compatibility. Ready to make cleaning easier than ever, this voice-enabled bot will vacuum your home on spoken command.
Mobile

How to switch from iPhone to Android: The ultimate guide

If you've decided to bridge the great tech divide and leave Apple's walled garden for the unknown shores of Android, then you'll find all the tips and advice you need to begin switching from an iPhone to an Android device.
Wearables

Our favorite fitness trackers make it fun to keep moving

Looking for your first fitness tracker, or an upgrade to the one you're already wearing? There are plenty of the wrist-worn gadgets available. Here are our picks for the best fitness trackers available right now.
Smart Home

Knock, knock. Who's there? With a video doorbell, you'll never have to guess

When it comes to knowing who's at your door before you actually open it, there's nothing better than a video doorbell. Plus, you can "answer" the door even if you're not home. Here are some of our favorites.
Smart Home

Facebook Portal and Portal+ video-calling devices gain new content and features

Facebook's Portal devices are video smart speakers with Alexa voice assistants built in that allow you to make calls. The 15-inch Portal+ model features a pivoting camera that follows you around the room as you speak.
Smart Home

Dog or cat shedding? These vacuums do a great job of sucking up pet hair

Got a pet hair problem? Fortunately, there's help for you and your furry friend. We tested out a bunch of vacuums that promise to remove pet hair. Here are a few of the best you can buy.
Product Review

Hue who? Nanoleaf Canvas brings a riot of color and vibrancy to the smart home

Fun and festive, Nanoleaf Canvas feature lighting adds personality and vibrancy to any room. Nanoleaf Canvas features squares that you can connect in any configuration you’d like. Sync to music, play games, or relax in soothing light.
Smart Home

Rocco wants to rock out. Parrot learns to use owner’s Amazon Alexa

Rocco, an African gray parrot, fell in love with his owner's Alexa unit and ordered himself treats and other goodies, but mostly uses the smart assistant to rock out to his favorite music.
Smart Home

The Echo Wall Clock can help you keep track of multiple Alexa timers

Amazon just released the Echo Wall Clock that was announced at its September new hardware device event in Seattle. The Echo Wall Clock is an analog clock that also indicates the minutes remaining on one or more Alexa timers.
Product Review

Ring Alarm makes DIY home security simple and affordable enough for everyone

Ring first made waves with its video doorbell, and now the Amazon-owned company is moving on to home security with the Ring Alarm. You can install the sensors and keypads yourself, then have Ring professionally monitor your home.
Smart Home

Espresso On Demand: The five best Nespresso machines

Most people still trek down to their local coffee shop to get an espresso or a cappuccino, but you don't have to. A Nespresso machine can put coffee shop quality espresso on your kitchen counter.
Smart Home

This device detects when your pet is at the door and opens it for them

Tired of waiting for your dog to come inside, or running home in the middle of the day to let your four-legged friend out? Wayzn automatically opens sliding doors for your dog and gives you remote control.
Deals

Get electronics gifts for high-tech homes for under $100 with these deals

The holiday season is in full swing with Christmas just around the corner. New deals on interesting, fun, and practical electronic gifts under $100 from major online retailers can convert last-minute shoppers to savvy bargain hunters.
Emerging Tech

Awesome Tech You Can’t Buy Yet: Booze-filled ski poles and crypto piggy banks

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!