Skip to main content
  1. Home
  2. Smart Home
  3. News

DEF CON attendee finds 75 percent of Bluetooth smart locks are open to hacks

Rick Stella
By

bluetooth smart locks easily hackable 39577996 ml
Alexander Kirch/123RF
At this year’s annual DEF CON hacking conference in Las Vegas, a duo of researchers made the startling discovery that roughly 75 percent of Bluetooth-powered Low Energy smart locks are susceptible to hacks. What’s arguably a touch more unsettling than the researchers’ findings, however, is the fact the manufacturers of these at-risk locks — companies like Ceomate, Vians, Quicklock, and others — didn’t seem overly concerned their products contained such holes. Considering a large part of smart home innovation is geared toward making homes safer, these findings certainly won’t be attracting new customers anytime soon.

While attending the DEF CON conference last week, electrical engineer and smart home researcher Anthony Rose took to the task of testing 16 different Bluetooth smart locks. Along with research partner Ben Ramsey, the duo found that 12 of the reviewed locks featured at least some amount of wireless access when attacked. Furthermore, Rose and Ramsey say that the difficulty of successfully hacking each product was various, as some proved to be rather easy to access while others boasted a slightly harder barrier for entry.

The August Smart Lock
August

“We figured we’d find vulnerabilities in Bluetooth Low Energy locks, then contact the vendors,” Rose told Tom’s Guide. “It turned out that the vendors don’t really care. We contacted 12 vendors. One one responded, and they said, ‘We know it’s a problem, but we’re not gonna fix it.'”

Recommended Videos

Obviously, a statement of that nature is particularly troubling, though it’s the actual vulnerabilities Rose and Ramsey found that are especially damning to the companies involved. Of the 12 locks boasting security holes, four of them willingly sent a user’s password — in plain text — to a smartphone, meaning someone who knows their way around a Bluetooth sniffer wouldn’t have to struggle much to obtain a critical password. Additionally, Rose and Ramsey reported that Quicklock’s Doorlock and Padlock models even offered to send the password multiple times, allowing them to change the password and effectively cut off access to the original owner.

Related

“Vendors prioritize physical robustness over wireless security,” Rose added. “Our recommendation to anyone who owns one of these smart locks is to turn off Bluetooth on the smartphone when it’s not in use.”

Though a few of the manufacturers with hacked locks claim they encrypt a user’s password when it’s transmitted via Bluetooth, Rose and Ramsey still reported having the ability to swipe the password out of thin air before sending it back to the lock itself. By doing this, the smart lock would then unlock itself without the original owner knowing or either of the researchers needing to decrypt and encrypted password.

So who passed the test? According to the pair of researchers, models released by August and Kwikset boasted enough security — i.e., no hard-coded passwords, proper encryption, and two-factor authentication — to pass as somewhat secure. It is worth noting that a different researcher at DEF CON claims to have hacked the August Smart Lock so, take Rose and Ramsey’s pseudo-seal of approval with a grain of salt.

Editors' Recommendations

Topics
Rick Stella
Rick Stella
Former Digital Trends Contributor
Rick became enamored with technology the moment his parents got him an original NES for Christmas in 1991. And as they say…
Bluetooth speakers vs. smart speakers
Woman using smart speaker while working in office.

When looking for the best smart devices for your home or gifts for your friends, you may come across both the terms: “Bluetooth speaker” and “smart speaker.” The differences aren't immediately apparent, and sometimes the terms are applied to the same device, so we know it can get a little confusing.

We’re clearing up the mess right now by explaining just what these two categories mean, where they overlap, and what term may be most useful depending on the sort of speaker experience you want. Let’s go!
Basic definitions

Read more
The smart home hacking scene in Scream is possible, but you’re probably OK
august announces homekit compatibility doorbell camera smart lock close

Two elements combined to make this article happen. The first was that October was Cybersecurity Awareness Month. Second, smack-dab in the middle of the month, the first trailer for the new Scream movie dropped. It contained a scene that had us a little concerned. See if you can spot it.

Scream | Official Trailer (2022 Movie)

Read more
Lockly Flex Touch ditches the bulk in favor of a slimmer fingerprint smart lock
Lockly Flex Touch

The key to a smart lock is ease of use. Everyone wants to be able to get into their homes more easily, especially while carrying an armload of groceries, but no one wants to sacrifice security for convenience. The new Lockly Flex Touch smart lock provides the best of both worlds with easy entry and installation while maintaining strong security due to its 3D biometric fingerprint reader.

The Flex Touch allows up to 99 different fingerprints to be stored on a single lock, so that all members of your household, your extended family, and probably all of your friends could have easy entry into the home if you wanted. That's a lot of fingerprint storage. If you wanted to transmit all of these entries to another lock, you can do so through Lockly's secure eDuplicate system.

Read more