Skip to main content
  1. Home
  2. Smart Home
  3. News

Indiegogo-backed Tapplock proves breakable and hackable; fixes incoming

By

For a product that’s been backed to over $300,000 on Indiegogo — over 500 percent of its original goal — Tapplock is having a bad week in the security department. Specifically, some friendly hackers at Pen Test Partners were able to crack the Bluetooth-enabled smart lock in seconds using only a cell phone.

Unlocked

Digital Trends wrote about the lock and its “cutting edge encrypted fingerprint sensor” back in 2016, but the $100 smart lock turns out to be pretty vulnerable to security penetration, both in terms of its physical makeup and its security platform.

Recommended Videos

First, its physical makeup is somewhat compromised. Sure, a pair of bolt cutters can go through the lock like a hot knife through butter but that’s true of most consumer market locks. Never mind that the lock isn’t even waterproof but merely “water resistant.” It turns out the lock is made up of an industrial alloy called Zamak 3, comprised of zinc aluminum more commonly found in die-cast toys and door handles, an element that isn’t strong, is brittle, and melts at temperatures below 800 degrees Fahrenheit. By comparison, an air-only blowtorch burns at more than 3,600 degrees F while an oxygen-fed torch fires up at more than 5,000 degrees.

But that’s not all on the physical security front. Several YouTubers have already put up videos demonstrating the fragility of the lock. On June 1, a user called JerryRigEverything was able to employ a sticky GoPro mount to remove the back of the lock, dismantle it with a screwdriver, and open the shackle. Subsequently, CNET tried the same trick and couldn’t break the lock, so whether the lock is physically secure is still up in the air.

In the meantime, Tapplock has issued a statement that all future lock batches will use proprietary screws in the inside chambers as a secondary protective mechanism. The company is also offering free replacements to any customer who is able to crack the back cover without damaging the lock.

TappLock Series: Your Fingerprint, Your TappLock

Meanwhile, the company is dealing with the bigger headache of Pen Test Partners being able to break the Tapplock’s internal software in less than two seconds. The process took the penetration testers less than an hour. Not only was the software broadcasting over unencrypted HTTP lines, but the locks are using the same data every time. Any bad actor on the same network can sniff the traffic, grab the unlocking data, and use it to unlock the device into perpetuity. There is no factory reset for the lock.

“This level of security is completely unacceptable,” wrote Pen Test Partners researcher Andrew Tierny. “Consumers deserve better, and treating your customers like this is hugely disrespectful. To be honest, I am lost for words.”

When informed of the back, Tapplock’s backer Pishon Lab told Tierny, “We are well aware of these notes.”

Subsequently, the company says that it is upgrading its QA process and pushing out a security patch to address its software vulnerability. Its QA procedures now include a 2-step inspection to ensure the lock’s spring-pen mechanism is effective, while a software patch upgrades the security protocol that includes additional authentication steps. The patch involves an app update as well as a firmware update, administered via the company’s proprietary app.

Pishon Labs also offered thanks to Pen Test Partners for “the timely prompt and ethical disclosure.”

Topics
Clayton Moore
Clayton Moore
Contributor
Clayton Moore’s interest in technology is deeply rooted in the work of writers like Warren Ellis, Cory Doctorow and Neal…
Best portable power station deals: Bluetti, EcoFlow, and more
Bluetti AC300 portable power station

Whether you need some extra power on the road or around the house, portable power stations are a great way to ensure you have all the electricity you need. With a portable power station you can keep your devices charged up wherever you go, or you can power the day when tailgating. A portable power station also offers some savings, so below we’ve rounded up all of the best portable power station deals going on right now. If you’d like to save on some great devices to keep powered up be sure to check out today's best tablet deals, best laptop deals, and best phone deals, or add some more savings around the house with all of the current lawn mower deals, pressure washer deals, and smart lock deals.
Our favorite portable power station deals

There are a couple of portable power station deals that really stand out right now. One is a great discount on a smaller power station you can use to charge mobile devices, laptops, game consoles, and so on. It's a great little pick-me-up that you can take anywhere. The other is a more formidable power station with a considerably larger capacity for home backup situations.

Read more
Best office chair deals: Improve your posture from $83
staples offering best deals on select printers office chairs plus free shipping chair

A long day at the desk deserves a comfortable place to sit, and right now you can land yourself a new office chair with some savings. Today’s best office chair deals have a lot to offer, particularly if you aren’t interested in what the day’s best standing desk deals are all about. Reading onward you will find all of the office chair deals we feel are worth shopping right now, and if you’re looking for some savings on a device to sit in front of don’t miss all of the current laptop deals, gaming laptop deals, desktop computer deals, and monitor deals.
Flash Furniture task chair — $83 $149 45% off

This offering from Flash Furniture is more of a task chair than a typical office chair. Task chairs are a subset of office chairs that are made to... well, do tasks in. The Flash Fundamentals Task Chair, and other task chairs like it, are made for more activity than normal. How does Flash Furniture give you this? It emphasizes quick twists in the 360-degree swivel and a smaller horizontal profile so you can move about with ease through multiple task stations or with multiple workers present. And, of course, there's the nice mesh backing to keep you from getting overheated while doing everything.

Read more
Best smart lock deals: Save on Yale, Philips, August, and more
A person opening the Yale Assure Lock 2 with their Apple Watch.

Smart locks are a great way to improve your smart home setup, and shopping smart lock deals can add some savings as well. Today’s best smart lock deals include smart locks from Philips, August, and Yale, among others, and they make great complementary tech to anything you’ll find among the best security camera deals and best Ring deals. Below you can find all of the best smart lock deals going on right now, and if you’d like to expand your smart home setup even further you can shop the best robot vacuum deals, best Philips Hue deals, best portable power station deals, and best Bluetooth speaker deals.
Philips Fingerprint Door Lock — $80 $140 43% off

Philips is one of the most popular brands when it comes to smart home devices. With the Philips Fingerprint Door Lock you can not only save big but ensure some security around the house. It has an auto-lock timer that ranges between 30 and 180 seconds, or you can manually lock it by holding a button on the keypad. Your fingerprint is how you’ll ultimately unlock this lock, and it boasts a 99.99% recognition rate to keep both intruders and tech frustrations away. You can also program a PIN using the more traditional keypad with this lock, making it a quality and versatile option for your home.

Read more