Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Security

75 Percent of Bluetooth Smart Locks Can Be Hacked (tomsguide.com) 87

It turns out, the majority of Bluetooth smart locks you see on the market can easily be hacked and opened by unauthorized users. The news comes from DEF CON hacker conference in Las Vegas, where security researchers revealed the vulnerability, adding that concerned OEMs are doing little to nothing to patch the hole. Tom's Guide reports: Researcher Anthony Rose, an electrical engineer, said that of 16 Bluetooth smart locks he and fellow researcher Ben Ramsey had tested, 12 locks opened when wirelessly attacked. The locks -- including models made by Quicklock, iBlulock, Plantraco, Ceomate, Elecycle, Vians, Okidokey and Mesh Motion -- had security vulnerabilities that ranged from ridiculously easy to moderately difficult to exploit. "We figured we'd find vulnerabilities in Bluetooth Low Energy locks, then contact the vendors. It turned out that the vendors actually don't care," Rose said. "We contacted 12 vendors. Only one responded, and they said, 'We know it's a problem, but we're not gonna fix it.'" The problems didn't lie with the Bluetooth Low Energy protocol itself, Rose said, but in the way the locks implemented Bluetooth communications, or with a lock's companion smartphone app. Four locks, for example, transmitted their user passwords in plaintext to smartphones, making it easy for anyone with a $100 Bluetooth sniffer to pluck the passwords out of thin air.
This discussion has been archived. No new comments can be posted.

75 Percent of Bluetooth Smart Locks Can Be Hacked

Comments Filter:
  • by wangmaster ( 760932 ) on Monday August 08, 2016 @12:40PM (#52666015)

    I go by the notion that locks are for honest people and things like smartlocks and connected locks are primarily for the convenience of the owner. Realistically, for most consumer applications of locks, if someone wanted to get in, the lock isn't keeping them out. So while I'm disappointed at the overall non-concern for real security by the manufacturers, I'm not incredibly surprised and I'd be really surprised, outside of a handful of specific targetted cases, that any real thief would even bother with hacking a lock.

    • outside of a handful of specific targetted cases, that any real thief would even bother with hacking a lock.

      Oh rly? [lmgtfy.com]

      What we see here is yet another example of how the manufactures of IoT devices don't give a shit about security.

      • That's not really an accurate analogy. One wouldn't need to hack the lock of a jeep to get access to the contents of the jeep.

    • I go by the notion that locks are for honest people and things like smartlocks and connected locks are primarily for the convenience of the owner. Realistically, for most consumer applications of locks, if someone wanted to get in, the lock isn't keeping them out.

      That's true but there is no point in making it easier than necessary for a lock to get picked. At least with the deadbolt on my door someone would either have to A) smash the door which tends to leave evidence or B) pick the lock which (should) take non-trivial amounts of time. You are quite correct that locks are generally more for keeping honest people honest than to keep out determined criminals but that doesn't excuse making a shoddy, easily bypassed product.

      • by Anonymous Coward on Monday August 08, 2016 @01:16PM (#52666333)

        Most house deadbolts take about 1 second to covertly open:

        https://www.youtube.com/watch?v=iaBIvKzBCxI

        Hopefully you bought a replacement for the junk the builder installed.

      • Sjbe, I was sorely disappointed to discover how NOT NON trivial it is to pick most commercial locks (meaning, of course, that it IS trivial.) - after watching a 25 minute DVD and practicing for less than 15 minutes (meaning my total investment in this skill is less than one hour), I myself am able to do it in less than 20 seconds. I can only imagine that for an actual thief with experience, that the time is less than 5 seconds. -- That seems pretty trivial to me. That's why I have a mechanical, elect
        • by recjhl ( 840587 )
          It sounds too inconvenient for most people. One more lock, and it will be faster to break in than use to keys.
    • by sexconker ( 1179573 ) on Monday August 08, 2016 @12:55PM (#52666147)

      Such a bullshit cliche. Honest people don't need locks to stop them from opening things they shouldn't be opening.

      • To keep those on the line between honesty and criminality from straying across without effort - like a fence.

      • by skids ( 119237 )

        Honest people don't need locks to stop them from opening things they shouldn't be opening.

        This may be true of your home's exterior door or your car door in modern western society, but it certainly is not in
        other settings. People often find themselves in situations where they need to try doorknobs until they find the right
        room/closet, and a locked door is a good way to tell them "not the right door." Signs are usually a better way, but
        sometimes it is silly to put a sign on everything.

        For example, you don't leave the door to your dangerous laboratory unlocked and then send your temp worker
        down t

    • by chiefcrash ( 1315009 ) on Monday August 08, 2016 @01:41PM (#52666591)

      Realistically, for most consumer applications of locks, if someone wanted to get in, the lock isn't keeping them out.

      This is very true, but even then the lock accomplishes something else: it creates evidence of a break-in. You show your home insurance adjuster a kicked in door, they cut a check. You swear up and down that you locked the door and someone must have hacked it, have a fun few months/years in court...

      Being able to hack the lock from a car parked on the street also has advantages: it cuts down on the amount of time and noise you have to make to break in. After all, there's a reason thieves are getting into electronic gizmos to unlock car doors...

      • This is very true, but even then the lock accomplishes something else: it creates evidence of a break-in.

        A bump key or a properly-handled tensioner and rake don't leave any evidence.

        • Not quite true, though at that point you'd have to pay a forensic locksmith to take apart the lock. The act of key bumping basically slams the key against the bottom pins to allow for kinetic energy to be transferred from the key to the top pins. Because they are immobile and absorb the kinetic energy, this causes considerable damage to the bottom pins in the form of large dents and scratches. Similarly, picking the lock tends to leave distinctive scratches on the interior pins...
          • That makes sense. However, it doesn't really affect the point. If you have to disassemble the lock to discover that there was a break-in, then you'll never know there was a break-in. I suppose if you have some *other* reason to believe there might have been a break-in the lock could provide evidence, but that seems like a pretty rare situation, one which wouldn't justify putting locks everywhere.

    • Why do they need a lock, if they have nothing to hide?
  • "had security vulnerabilities that ranged from ridiculously easy to moderately difficult to exploit."
    and
    "We contacted 12 vendors. Only one responded, and they said, 'We know it's a problem, but we're not gonna fix it.'"

    Soooo... pretty much the same standard as most consumer (non-smart) locks? I agree that it's pretty pathetic, but given that most locks are susceptible to a "bump key" and that even some supposedly secure safes can be easily opened with a magnet [youtube.com], the locks are mostly about keeping honest peo

    • The difference is dumb locks you have to access physically to break them open and while doing so you may look suspicious -- there is a time pressure that raises the barrier. With smart locks, you can take your time working the lock at a distance, and once it is unlocked you can casually access the protected item as if it were yours.

  • by Snotnose ( 212196 ) on Monday August 08, 2016 @12:46PM (#52666069)
    We all know most people only have 2-3 passwords, which get used for the dozens of times a password is needed. If I sniffed a password I wouldn't bother with the lock, I'd start seeing what else used that same password.
  • Obligatory XKCD: https://xkcd.com/538/ [xkcd.com]

    I agree that this is a clear vulnerability... but seriously: if a single lock is the only thing separating an intruder and your valuables, bluetooth isn't going to save you anymore than a standard tumbler lock.

    If anything, the data spillage on the password is the biggest problem (given people's propensity to recycle passwords). NOW the *ahem* "hacker" probably has a good guess on the login to your computer, wifi, bank account, etc. To prevent this human performance er

  • There's an increasing number of security-related Slashdot stories. While not necessarily a bad thing, perhaps an easier way should be provided to browse non-security-related stories when one wants to. Suggestions welcome.

    Security certainly is a growing problem, I don't dispute that, but reading too many gets depressing.

    A preliminary suggestion is to adjust the top "Categories" to have checkmarks. Your preferred (default) checkmarks would be stored with your user profile, along with a link next to the catego

  • I wonder, does this attitude have any effect on sales? To explicitly state this publicly must mean they are very confident that it doesn't.

  • Only 75%

    It turned out that the vendors actually don't care,

    Omg. It's almost as if their interest ends at getting your money. Who'd have thunk?

  • That's because the default pin for 75% of Bluetooth locks is either 0000 or 1234.
  • Master Lock's Bluetooth padlock has a body that's just straight up pot metal and won't stand up to a decent smack. https://www.youtube.com/watch?... [youtube.com]
  • Same with keys. (Score:5, Insightful)

    by gurps_npc ( 621217 ) on Monday August 08, 2016 @01:26PM (#52666423) Homepage

    Most locks can be opened in 5 seconds with a 'bump key'.

    Even the best locks can easily be defeated by a sledge hammer.

    The real advantage of most locks is that it TELLS you when they have been attacked. A good Bluetooth lock should keep an easily accessible record of how many times and when it was opened.

    But yes, this should be fixed. Even simple encryption is better than plain text password transmission.

    • Actually, I think plain text is better than poor encryption. Poor encryption is worse than none, as it leads you to believe the communication is "secure" (and gives the marketing weasels air cover). At least with plain text, you know it's vulnerable.

    • by Anonymous Coward

      > Even the best locks can easily be defeated by a sledge hammer.

      https://www.youtube.com/watch?v=mkP1rA5Jhpw

  • 75% today, but it'll be 100% in a few weeks or maybe a few months.

  • I think you are still more at risk from the low tech methods of getting past locks, but the "fuck you, we don't care" additude these companies are showing is very alarming.
  • does anyone else think all the "smart" devices are really just stupid ways of solving a previously solved problem?

    • I agree. In three years half the startups making them will be dead, and so will the app. The only remaining opening method will be keypad code entry, until electronics dies and no service is available. I'd approach these expensive toys with caution. They are probably not worth the price.
  • Shocked that the "hackers" can only break 75 percent.

    They must be n00bZ

  • Not all Kwikset but apparently the new ones that you can re-key yourself. He said the tool that's supposed to let locksmiths pick them won't even work. Locked myself out one day and discovered that my only option was basically going to be to drill through it.

    Made me both happy and sad at the same time....

  • Not that reporting insecurities in Bluetooth implementations isn't important, but the reality is someone is far more likely to kick your door open or manipulate your mechanical lock than they are to go to the trouble of sniffing your short range BTLE traffic to find a way to electronically open your lock.

  • mosty physical locks are also pickable — with a pick and a tension bar — at 25% — the electronic locks might be less pickable than their physical counterparts.. :-p

  • Honestly... who cares, really. Smart locks aren't about security, they are about convenience. The fact that most residential mechanical locks can be picked in mere seconds by a skilled lock smith with cheap tools should be more concerning. A hacker will need specialized software to hack bluetooth locks, greatly reducing the likelihood of a bad-dooer doing something to your house.

    Further, locks don't stop dishonest people from doing dishonest things. You could kick down a door faster than you can pick the lo

  • You want the Nordic nRF51-DK, a devboard which, when loaded with some free Nordic-provided firmware, is a most excellent BLE sniffer ("nRF-Sniffer") - plugs into Wireshark. You can probably lash one together for less than $39 (it's just an NRF51822 and a USB-UART) but this board is quite tasty.
    Anyway, $39 online. Highly recommended, I use it all the time.
    https://www.nordicsemi.com/eng/Products/nRF51-DK

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...