Skip to main content
  1. Home
  2. Smart Home
  3. Evergreens

Indiegogo-backed Tapplock proves breakable and hackable; fixes incoming

Add as a preferred source on Google

For a product that’s been backed to over $300,000 on Indiegogo — over 500 percent of its original goal — Tapplock is having a bad week in the security department. Specifically, some friendly hackers at Pen Test Partners were able to crack the Bluetooth-enabled smart lock in seconds using only a cell phone.

Unlocked

Digital Trends wrote about the lock and its “cutting edge encrypted fingerprint sensor” back in 2016, but the $100 smart lock turns out to be pretty vulnerable to security penetration, both in terms of its physical makeup and its security platform.

Recommended Videos

First, its physical makeup is somewhat compromised. Sure, a pair of bolt cutters can go through the lock like a hot knife through butter but that’s true of most consumer market locks. Never mind that the lock isn’t even waterproof but merely “water resistant.” It turns out the lock is made up of an industrial alloy called Zamak 3, comprised of zinc aluminum more commonly found in die-cast toys and door handles, an element that isn’t strong, is brittle, and melts at temperatures below 800 degrees Fahrenheit. By comparison, an air-only blowtorch burns at more than 3,600 degrees F while an oxygen-fed torch fires up at more than 5,000 degrees.

But that’s not all on the physical security front. Several YouTubers have already put up videos demonstrating the fragility of the lock. On June 1, a user called JerryRigEverything was able to employ a sticky GoPro mount to remove the back of the lock, dismantle it with a screwdriver, and open the shackle. Subsequently, CNET tried the same trick and couldn’t break the lock, so whether the lock is physically secure is still up in the air.

In the meantime, Tapplock has issued a statement that all future lock batches will use proprietary screws in the inside chambers as a secondary protective mechanism. The company is also offering free replacements to any customer who is able to crack the back cover without damaging the lock.

TappLock Series: Your Fingerprint, Your TappLock

Meanwhile, the company is dealing with the bigger headache of Pen Test Partners being able to break the Tapplock’s internal software in less than two seconds. The process took the penetration testers less than an hour. Not only was the software broadcasting over unencrypted HTTP lines, but the locks are using the same data every time. Any bad actor on the same network can sniff the traffic, grab the unlocking data, and use it to unlock the device into perpetuity. There is no factory reset for the lock.

“This level of security is completely unacceptable,” wrote Pen Test Partners researcher Andrew Tierny. “Consumers deserve better, and treating your customers like this is hugely disrespectful. To be honest, I am lost for words.”

When informed of the back, Tapplock’s backer Pishon Lab told Tierny, “We are well aware of these notes.”

Subsequently, the company says that it is upgrading its QA process and pushing out a security patch to address its software vulnerability. Its QA procedures now include a 2-step inspection to ensure the lock’s spring-pen mechanism is effective, while a software patch upgrades the security protocol that includes additional authentication steps. The patch involves an app update as well as a firmware update, administered via the company’s proprietary app.

Pishon Labs also offered thanks to Pen Test Partners for “the timely prompt and ethical disclosure.”

Clayton Moore
Contributor
Clayton Moore’s interest in technology is deeply rooted in the work of writers like Warren Ellis, Cory Doctorow and Neal…
LG SIGNATURE WM9900HSA washing machine review: A washer that’s as fun as it is good looking
LG's premium washer wants you to embrace AI and digital controls on a sleek kit with a luxurious identity.
LG SIGNATURE WM9900HSA washer and drying machine.

view at LG

Quick Review

Read more
Apple Home AI features come with a hidden price tag
Your cameras just got smarter, but so did Apple's upsell game.
Apple Home

I previously covered the new Apple Home AI features revealed at WWDC 2026, which include several quality-of-life improvements, including auto-updating notifications, smarter camera search, automatic tracking and stitching of multiple videos for a single event, and higher-resolution recordings, among others. 

Like many Apple Home features, these features are only available to iCloud+ customers. However, at the event, Apple didn’t notify which plans will get access to these features. Today, we get the answer in the release notes of macOS Golden Gate beta 3, and you are not going to like it. 

Read more
Amazon wants to design in-house chips for Kindles, Fire TV, and Echo speakers
Apple did it first. Amazon is doing it now, starting with 40 million chips a year and a partner most people have never heard of.
Amazon Kindle Scribe dark mode featured image.

Apple's decision to design its own chips reshaped the consumer electronics industry. Amazon may be about to make the same call, just about two decades later.

Supply chain analyst Ming-Chi Kuo reports that Amazon is preparing to shift away from externally sourced processors for its consumer electronics lineup, marking what he describes as the company's first major processor procurement change in 20 years. The transition is expected to begin in 2027.

Read more