- This topic has 1 voice and 0 replies.
Viewing 0 reply threads
Viewing 0 reply threads
- You must be logged in to reply to this topic.
› Forums › Security › News (Security) › Smart Locks: Dumb Security
#News(Security) [ via IoTForIndiaGroup ]
Smart locks often get physical security wrong
This is beyond irony: most non-smart lock vendors have spent years trying to make their products resistant to attack. Closed shackle designs can make it very hard to get bolt cutters in close enough to cut effectively:
So why do vendors make such ridiculous claims? Here’s one: a very cheap padlock which we weren’t expecting much of, but it claims ‘Good cutting resistance from bolt cutters’. Why make such a stupid claim? It’s like saying that it’s ‘unhackable’ 😉
Magnet attacks
Hall-effect sensors are often used in smart locks to detect the presence of a key and therefore allow new users to be added.
It is sometimes possible to fool the sensor by placing a small magnet on the lock case. The lock now believes that it’s in a position where new user fingerprints can be enrolled. Fail!
Conclusion
Smart lock vendors would be well advised to ensure that they offer similar or better physical security when compared to a non-smart lock of similar price.
We haven’t touched on smart attacks against smart locks here, but the attack surface is usually significant too: USB, BLE, API etc etc
We are looking forward to receiving a smart lock for testing that we can’t hack with dumb attacks, though several vendors are making good progress.