Many 'Smart' Locks Open to Easy Hacks

Are smart locks an open invitation to homes? At a recent computer security conference, some researchers said yes. Two presentations at the recent Def Con event, where hackers and security professionals gather to trade information and show off security failures, highlighted the ease with which smart locks can be hacked. Anthony Rose and Ben Ramsey of Mercurlite Security found that they could open 12 of 16 models of smart locks with less than $200 worth of hardware. While smart locks made by August resisted their efforts, another researcher in the other presentation was able to defeat the August lock, although the process required some technical knowledge. Locks made by Noke and Masterlock also resisted Mercurlite's efforts, as did the Kwikset Kevo — until they simply unscrewed it from the door. The researchers contacted the 12 companies that make the easily hacked locks and received only one reply, which had no commitment to fix the bug, reports said. Locks from three companies store their passwords in plain text, readable by anyone with a device that can connect via Bluetooth. Other locks opened when the researchers recorded network data as an authorized user opened the locks and replayed it later. One lock failed and unlocked automatically after it was sent data it didn't recognize. Source: "Surprise: a lot of smart locks have terrible security," The Verge (Aug. 9, 2016)