Locks and Security News: your weekly locks and security industry newsletter
21st April 2021 Issue no. 554
Your industry news - first
We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.
Surprise: a lot of smart locks have terrible security
By Ashley Carman
Gadget makers love the Internet of Things. Just look at connected refrigerators, connected tampons, and connected pregnancy tests as some examples. As I've said before, and I'll say again, the security of these devices is often inadequate.
This week at DEF CON, two researchers, Anthony Rose and Ben Ramsey, emphasized this point by demonstrating how they easily compromised 12 different Bluetooth Low Energy smart locks using cheap hardware that cost around $200 altogether.
Some devices, including the Quicklock Doorlock & Padlock and the iBluLock Padlock, stored passwords in plain text. Anyone with a Bluetooth sniffer could gain access. Other locks, including the Ceomate Bluetooth Smart Doorlock and the Elecycle EL797, were vulnerable to replay attacks, which means the researchers grabbed data over the air when a legitimate user unlocked the lock, and they then just replayed that data to gain access.
10th August 2016