Skip to main content
  1. Home
  2. Smart Home
  3. News

Indiegogo-backed Tapplock proves breakable and hackable; fixes incoming

By

For a product that’s been backed to over $300,000 on Indiegogo — over 500 percent of its original goal — Tapplock is having a bad week in the security department. Specifically, some friendly hackers at Pen Test Partners were able to crack the Bluetooth-enabled smart lock in seconds using only a cell phone.

Unlocked

Digital Trends wrote about the lock and its “cutting edge encrypted fingerprint sensor” back in 2016, but the $100 smart lock turns out to be pretty vulnerable to security penetration, both in terms of its physical makeup and its security platform.

Recommended Videos

First, its physical makeup is somewhat compromised. Sure, a pair of bolt cutters can go through the lock like a hot knife through butter but that’s true of most consumer market locks. Never mind that the lock isn’t even waterproof but merely “water resistant.” It turns out the lock is made up of an industrial alloy called Zamak 3, comprised of zinc aluminum more commonly found in die-cast toys and door handles, an element that isn’t strong, is brittle, and melts at temperatures below 800 degrees Fahrenheit. By comparison, an air-only blowtorch burns at more than 3,600 degrees F while an oxygen-fed torch fires up at more than 5,000 degrees.

But that’s not all on the physical security front. Several YouTubers have already put up videos demonstrating the fragility of the lock. On June 1, a user called JerryRigEverything was able to employ a sticky GoPro mount to remove the back of the lock, dismantle it with a screwdriver, and open the shackle. Subsequently, CNET tried the same trick and couldn’t break the lock, so whether the lock is physically secure is still up in the air.

In the meantime, Tapplock has issued a statement that all future lock batches will use proprietary screws in the inside chambers as a secondary protective mechanism. The company is also offering free replacements to any customer who is able to crack the back cover without damaging the lock.

TappLock Series: Your Fingerprint, Your TappLock

Meanwhile, the company is dealing with the bigger headache of Pen Test Partners being able to break the Tapplock’s internal software in less than two seconds. The process took the penetration testers less than an hour. Not only was the software broadcasting over unencrypted HTTP lines, but the locks are using the same data every time. Any bad actor on the same network can sniff the traffic, grab the unlocking data, and use it to unlock the device into perpetuity. There is no factory reset for the lock.

“This level of security is completely unacceptable,” wrote Pen Test Partners researcher Andrew Tierny. “Consumers deserve better, and treating your customers like this is hugely disrespectful. To be honest, I am lost for words.”

When informed of the back, Tapplock’s backer Pishon Lab told Tierny, “We are well aware of these notes.”

Subsequently, the company says that it is upgrading its QA process and pushing out a security patch to address its software vulnerability. Its QA procedures now include a 2-step inspection to ensure the lock’s spring-pen mechanism is effective, while a software patch upgrades the security protocol that includes additional authentication steps. The patch involves an app update as well as a firmware update, administered via the company’s proprietary app.

Pishon Labs also offered thanks to Pen Test Partners for “the timely prompt and ethical disclosure.”

Topics
Clayton Moore
Clayton Moore
Contributor
Clayton Moore’s interest in technology is deeply rooted in the work of writers like Warren Ellis, Cory Doctorow and Neal…
Tesla Powerwall is the best solar, home backup, and EV charging companion
Tesla Powerwall 3 installed on outside of home

Solar power, and having solar panels on your home, is a fantastic way to conserve energy and cut down on power bills, especially if you live somewhere sunny like Florida or California. There's just one glaring issue. When the grid goes down you still lose power because of how it's connected. Your solar panels cannot generate enough energy or keep it stored to keep your power on. So, essentially, your power setup doesn't offer much benefit there, unless you get a home power backup system. More specifically, something like a Tesla Powerwall is a compact home battery that stores energy generated from the grid. That energy is then used as a backup when traditional grid power is unavailable.

To make it even more clear, with a Tesla Powerwall, the power stays on even during a major blackout or outage. It's whole-home backup, too, which means you can power your lights, appliances, electronics, you name it. If you've ever had to throw away an entire refrigerator's worth of spoiled food because of a multi-day outage -- like I have -- you'll certainly appreciate the option to keep your appliances running. But that's not all it can do. The Tesla Powerwall is an excellent companion for Tesla EV owners, creating an entire smart ecosystem of power. Let's explore.

Read more
Air fryer or cordless vacuum, you choose: Two deep Black Friday discounts worth shopping
Levoit LVAC-200 cordless vacuum in use with pet nearby

Going down probably as two of the most random, unique contenders for smart home and Black Friday deals in a mashup together, we have the COSORI TurboBlaze Air Fryer and LEVOIT LVAC-200 Cordless Vacuum. One will cook your food fast and crispy the other will clean your home fast and effectively. Why not, right? You could even throw some food into the air fryer and get to cleaning while it heats up with the vacuum. Okay, maybe it really is an excellent combo. Nevertheless, these Black Friday discounts will have you a little more excited than normal, let's take a closer look.

 
COSORI TurboBlaze Air Fryer -- now $88, was $120 26% off

Read more
Best home security camera deals: Ring, Arlo, Blink and more on sale
These are the best security camera deals available right now
Prime Day 2022 security camera deals graphic.

If you're the sort of person who worries about the physical safety of their home or live in a rough area, then having home security cameras can help give you much more peace of mind. The great thing is that in the past decade or so, security cameras have come a long way, and nowadays, you can get things like wireless security cameras that let you access them remotely from wherever you are through an application. Of course, that does mean that there is a huge selection out there, which is why we've collected some of our favorite security camera deals below, although if you're in the Amazon ecosystem, it might be worth checking out these Ring camera deals.
Chamberlain myQ Smart Garage Security Camera -- $27 $50 45% off

While this is ostensibly made for your garage, there's no reason the Chamberlain myQ Smart Garage can't work for other uses as well, especially if you don't need the highest quality of recording. It has an HD camera, which isn't a ton, but it does have an impressive 130-degree field of view. The MyQ also connects through dual-band Wi-Fi for a better connection, and it even has two-way communication, which is impressive for something at this price bracket.

Read more