Indiegogo-backed Tapplock proves breakable and hackable; fixes incoming

For a product that’s been backed to over $300,000 on Indiegogo — over 500 percent of its original goal — Tapplock is having a bad week in the security department. Specifically, some friendly hackers at Pen Test Partners were able to crack the Bluetooth-enabled smart lock in seconds using only a cell phone.

Digital Trends wrote about the lock and its “cutting edge encrypted fingerprint sensor” back in 2016, but the $100 smart lock turns out to be pretty vulnerable to security penetration, both in terms of its physical makeup and its security platform.

First, its physical makeup is somewhat compromised. Sure, a pair of bolt cutters can go through the lock like a hot knife through butter but that’s true of most consumer market locks. Never mind that the lock isn’t even waterproof but merely “water resistant.” It turns out the lock is made up of an industrial alloy called Zamak 3, comprised of zinc aluminum more commonly found in die-cast toys and door handles, an element that isn’t strong, is brittle, and melts at temperatures below 800 degrees Fahrenheit. By comparison, an air-only blowtorch burns at more than 3,600 degrees F while an oxygen-fed torch fires up at more than 5,000 degrees.

But that’s not all on the physical security front. Several YouTubers have already put up videos demonstrating the fragility of the lock. On June 1, a user called JerryRigEverything was able to employ a sticky GoPro mount to remove the back of the lock, dismantle it with a screwdriver, and open the shackle. Subsequently, CNET tried the same trick and couldn’t break the lock, so whether the lock is physically secure is still up in the air.

In the meantime, Tapplock has issued a statement that all future lock batches will use proprietary screws in the inside chambers as a secondary protective mechanism. The company is also offering free replacements to any customer who is able to crack the back cover without damaging the lock.

Meanwhile, the company is dealing with the bigger headache of Pen Test Partners being able to break the Tapplock’s internal software in less than two seconds. The process took the penetration testers less than an hour. Not only was the software broadcasting over unencrypted HTTP lines, but the locks are using the same data every time. Any bad actor on the same network can sniff the traffic, grab the unlocking data, and use it to unlock the device into perpetuity. There is no factory reset for the lock.

“This level of security is completely unacceptable,” wrote Pen Test Partners researcher Andrew Tierny. “Consumers deserve better, and treating your customers like this is hugely disrespectful. To be honest, I am lost for words.”

When informed of the back, Tapplock’s backer Pishon Lab told Tierny, “We are well aware of these notes.”

Subsequently, the company says that it is upgrading its QA process and pushing out a security patch to address its software vulnerability. Its QA procedures now include a 2-step inspection to ensure the lock’s spring-pen mechanism is effective, while a software patch upgrades the security protocol that includes additional authentication steps. The patch involves an app update as well as a firmware update, administered via the company’s proprietary app.

Pishon Labs also offered thanks to Pen Test Partners for “the timely prompt and ethical disclosure.”

Product Review

Gate’s Smart Lock is locked and loaded but ultimately lacks important basics

In a world of video cameras and doorbells comes the Gate Smart Lock, a lock with a video camera embedded. It’s a great idea, but lacks some crucial functionality to make it a top-notch product.
Computing

AMD Radeon VII will support DLSS-like upscaling developed by Microsoft

AMD's Radeon VII has shown promise with early tests of an open DLSS-like technology developed by Microsoft called DirectML. It would provide similar upscale features, but none of the locks on hardware choice.
Smart Home

Want a smarter home? Ditch the keys with these great smart locks

A good smart lock should offer a combination of security and convenience. Fortunately, these devices keep your home protected, your family safe, and your belongings secure from possible intruders.
Mobile

We tried all the latest and greatest smartphones to find the best of 2019

Smartphones are perhaps the most important and personal piece of tech on the planet. That’s why it’s important to pick the best phone for your individual needs. Here are the best smartphones you can buy.
Smart Home

Idaho mother says her child’s light-up sippy cup exploded

After a mother filled a Nuby insulated light-up cup with milk, the cup allegedly exploded. The incident caused burns to the mother's hand and face and a stinging sensation in her lungs that required a trip to the hospital.
Smart Home

Project Alias is a ‘smart parasite’ that stops smart speakers from listening

Two designers chose to do something about nosy smart speakers. The result is Project Alias, a "smart parasite" that whispers nonsense to Google Home and Alexa until it hears a specific wake word.
Smart Home

The Instant Pot Lux is a gateway drug into the pleasures of pressure cooking

The 3-quart Instant Pot Lux is one of the most affordable Instant Pots you can buy. Is it still a solid pressure cooker? Here are our thoughts on the Instant Pot Lux, a great IP baseline model.
Smart Home

DS3 Clean water-free swatches could be the future of cleaning products

DS3 Clean swatches were on display at CES 2019. The small swatches come in several types, including shampoo and toilet cleaner. They're great for travel, but their real impact is in how such supplies will be shipped and stored.
Smart Home

Amazon patents a technology to help Alexa fight fake voice attacks

Amazon filed a patent this month for a new technology that looks like it would help its digital assistant Alexa fight fake voice attacks that could potentially fool Alexa's biometric security protocols.
Smart Home

Amazon Prime members number more than 100 million in the U.S., survey says

Consumer Intelligence Research Partners estimated there were 101 million U.S. Amazon Prime members as of December 31, 2018. Last April, CEO Jeff Bezos wrote there were more than 100 global million Prime members.
Smart Home

With focus on interoperability, is Nevo Butler a smarter home hub?

Universal Electronics is the latest company getting into the smart home market, announcing at CES 2019 that it intends to market the Nevo Butler, a new smart home hub with onboard A.I. and voice control technology.
Emerging Tech

Awesome Tech You Can’t Buy Yet: camera with A.I. director, robot arm assistant

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Emerging Tech

Google’s radar-sensing tech could make any object smart

Computer scientists have shown how Google’s Soli sensor can be used to make dumb objects smart. Here's why radar-powered computing could finally make the dream of smart homes a reality.
Smart Home

The best air fryers deliver fried food with a fraction of the calories

What is this magical mechanism? It's an air fryer, and when used correctly, it can mimic the effects of frying while using just a little bit of oil. You still get that crispy, golden exterior and the fluffy center.