What isn’t connected digitally in some capacity nowadays? This is the Internet-of-things where everyday devices from the faucet to the toaster can be connected online. The same goes for the locks that secure our home and vehicles.
Smart locks are on the fast track to becoming a booming trend. Seven million smart lock devices were sold in 2019, and the market is expected to grow a further 18.5% between 2020 and 2027, according to a Grand View Research Report. While seemingly more secure than a traditional key lock, smart locks may not be so impenetrable as one might expect.
The Truth About Smart Locks
Anything connected to the Web can be hacked; smart locks are no exception. In fact, successfully hacking into one of these locks is not that difficult at all for a hacker with a little know-how.
A hacker can disable a lock by accessing the lock’s encrypted directory that enables the device to authenticate itself. Once the hacker gets in, he can rewrite the application by getting it to identify itself as a guest.
That’s not all; once the hacker has the encrypted directory information, he can not only open your smart lock but any other smart lock from the same manufacturer. If you use the same smart lock for your car and residence, then the thief only has to access one to gain entry to both.
Smart Lock Vulnerabilities Uncovered
At a 2016 Defcon conference, ethical hackers revealed how easy it was to hack into Bluetooth smart locks. Demonstrators were able to open these locks employing a number of methods, such as device spoofing, decompiling, fuzzing, and replay attacks.
Smart locks aren’t just opened using your mobile device. Fingerprint locks are another form of smart devices. In past years, these were relegated to high-clearance facilities.
Today, though, with their affordability and accessibility, it’s not unusual to spot them in private residences and apartment complexes. Unfortunately, even though your fingerprint is unique, that doesn’t stop a hacker from releasing the lock.
The locks emit a Bluetooth Low Energy ID that can be picked up by any regular mobile device scanning for Bluetooth within close proximity. The information can be used in conjunction with commands broadcasted by the lock’s manufacturer to release the lock. These findings, outlined in a BBC report, exposed the vulnerabilities of even one of the leading providers in fingerprint smart lock technology.
How to Safeguard Your Smart Lock
You don’t have to forgo a smart lock completely. However, you should take precautions much the same way you would your credit card details or email password. First, be sure the lock uses, at minimum, a 128-bit AES encryption for its communication. AES is the standard encryption utilized by the U.S. federal government and is also the preferred choice of most private companies.
Another step is using 2-factor authentication. This may include, for example, requiring both a security fob and inputting a password, or perhaps one of the two followed by a voice command. Also, if a password is one of the authentications, be sure it’s a minimum 16 characters in length. This makes it less vulnerable to brute force attacks.
Finally, just as your mobile devices require regular updates, so do your smart locks. Most locks update automatically but check to be sure and manually update them if they don’t.
Protect Your Smart Lock, and It Will Protect Your Property
By no means should you avoid smart locks out of fear that it leaves you vulnerable to cyber intrusions. However, hacking into a smart lock is very doable and can be achieved by even the most amateur of cyber-criminals. While you can’t make your lock 100%-hack-proof, you can make it as hard as possible for hackers with malicious intentions.