Bluetooth-powered locks are readily available from a number of companies to complement or begin building out your smart home portfolio. While primarily designed for convenience sake, a couple of security researchers have discovered that a large number of Bluetooth smart locks are susceptible to hacks.
This is quite alarming when you consider some smart door locks are the first line of defense when it comes to keeping intruders out of your home.
As Tom’s Guide reports, electrical engineer and smart home researcher Anthony Rose and partner Ben Ramsey said during the recent Def Con security conference that 12 of the 16 Bluetooth smart locks they tested could be opened when attacked wirelessly. The publication notes that models from companies including Ceomate, Elecycle, iBlulock, Quicklock, Plantraco, Vians, Okidokey and Mesh Motion contained vulnerabilities that ranged from incredibly easy to moderately difficult to exploit.
Worse yet, Rose said that nearly every vendor it contacted about the vulnerabilities in their products didn’t seem to care. Of the 12 they reached out to, only one bothered to reply, saying they were aware of the issue but weren’t going to fix it. Nice.
The duo said four of the locks they tested transmitted their password in plaintext to paired smartphones meaning anyone with a low-cost Bluetooth sniffer could grab it with ease. Others could easily be tricked into submission while one model was forced into an error state, thus opening the lock.
Only four locks including models from August and Kwikset withstood testing. Each offered features like two-factor authentication, properly used encryption and didn’t have a hardcoded password buried in their software.
Image courtesy Alexander Kirch, Shutterstock