DEF CON attendee finds 75 percent of Bluetooth smart locks are open to hacks

At this year’s annual DEF CON hacking conference in Las Vegas, a duo of researchers made the startling discovery that roughly 75 percent of Bluetooth Low Energy smart locks are susceptible to hacks. What’s arguably a touch more unsettling than the researchers’ findings, however, is the fact that the manufacturers of these at-risk locks — companies like Ceomate, Vians, Quicklock, and others — didn’t seem overly concerned that their products contained such holes. Considering a large part of smart home innovation is geared toward making homes safer, these findings certainly won’t be attracting new customers anytime soon.

While attending the DEF CON conference last week, electrical engineer and smart home researcher Anthony Rose took to the task of testing 16 different Bluetooth smart locks. Together with research partner Ben Ramsey, Rose found that 12 of the reviewed locks allowed at least some amount of wireless access when attacked. Furthermore, Rose and Ramsey say that the difficulty of successfully hacking each product varied, as some proved to be rather easy to access while others presented a slightly higher barrier to entry.


“We figured we’d find vulnerabilities in Bluetooth Low Energy locks, then contact the vendors,” Rose told Tom’s Guide. “It turned out that the vendors don’t really care. We contacted 12 vendors. Only one responded, and they said, ‘We know it’s a problem, but we’re not gonna fix it.’”

Obviously, a statement of that nature is particularly troubling, though it’s the actual vulnerabilities Rose and Ramsey found that are especially damning to the companies involved. Of the 12 locks boasting security holes, four of them willingly sent a user’s password — in plain text — to a smartphone, meaning someone who knows their way around a Bluetooth sniffer wouldn’t have to struggle much to obtain a critical password. Additionally, Rose and Ramsey reported that Quicklock’s Doorlock and Padlock models even offered to send the password multiple times, allowing them to change the password and effectively cut off access to the original owner.

“Vendors prioritize physical robustness over wireless security,” Rose added. “Our recommendation to anyone who owns one of these smart locks is to turn off Bluetooth on the smartphone when it’s not in use.”

Though a few of the manufacturers with hacked locks claim they encrypt a user’s password when it’s transmitted via Bluetooth, Rose and Ramsey still reported being able to capture the encrypted password over the air and send it back to the lock itself. The smart lock would then unlock itself without the original owner knowing and without either of the researchers needing to decrypt the encrypted password.
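To show why encrypting the password does not by itself stop a captured message from being reused, here is a small simulation added for this article; it is not code from the researchers or from any lock vendor. The class names, the shared key and the use of HMAC as a stand-in for the "encrypted password" are all assumptions made for illustration. It compares a lock that accepts the same protected bytes every time with one that demands a reply to a fresh, single-use challenge.

```python
import hashlib
import hmac
import os

SHARED_KEY = b"constructed-demo-key"  # constructed sample secret, not a real key


def static_token(key: bytes) -> bytes:
    """Stand-in for an 'encrypted password': identical bytes on every unlock."""
    return hmac.new(key, b"unlock", hashlib.sha256).digest()


def phone_response(key: bytes, nonce: bytes) -> bytes:
    """Phone side of the hardened design: the reply is bound to the lock's nonce."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class StaticLock:
    """Weak design: a fixed token is accepted, so a recorded copy works again."""

    def __init__(self, key: bytes):
        self._expected = static_token(key)

    def unlock(self, token: bytes) -> bool:
        return hmac.compare_digest(token, self._expected)


class ChallengeLock:
    """Hardened design: every unlock must answer a fresh random challenge."""

    def __init__(self, key: bytes):
        self._key = key
        self._nonce = None

    def challenge(self) -> bytes:
        self._nonce = os.urandom(16)
        return self._nonce

    def unlock(self, response: bytes) -> bool:
        if self._nonce is None:          # no outstanding challenge: refuse
            return False
        expected = hmac.new(self._key, self._nonce, hashlib.sha256).digest()
        self._nonce = None               # a challenge is valid exactly once
        return hmac.compare_digest(response, expected)


def demo():
    """Return (static results, challenge results) for a first use and a reuse."""
    weak, recorded = StaticLock(SHARED_KEY), static_token(SHARED_KEY)
    weak_results = (weak.unlock(recorded), weak.unlock(recorded))
    strong = ChallengeLock(SHARED_KEY)
    reply = phone_response(SHARED_KEY, strong.challenge())
    first = strong.unlock(reply)
    strong.challenge()                   # lock issues a new nonce next time
    return weak_results, (first, strong.unlock(reply))
```

The static lock accepts the recorded bytes both times, while the challenge-based lock accepts the reply once and rejects the same bytes on the next attempt.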

So who passed the test? According to the pair of researchers, models released by August and Kwikset boasted enough security — i.e., no hard-coded passwords, proper encryption, and two-factor authentication — to pass as somewhat secure. It is worth noting that a different researcher at DEF CON claims to have hacked the August Smart Lock, so take Rose and Ramsey’s pseudo-seal of approval with a grain of salt.

Rick Stella
Former Digital Trends Contributor