
Hacking a Smart Door Lock May Be Hard, but ‘Drilling’ It Is Easy

Ionut ILASCU

October 09, 2019


Smart locks are growing in popularity because they’re easy to install and use, and promise security with a lot of interconnected features. Fingerprint ID, PIN, WiFi and connecting to your smartphone are only some of those features, and they guarantee that nobody can hack into your smart home.

While many of these IoT products strive to be invulnerable on the software side, they neglect a very important aspect: thieves can still force their way in, physically. As Andrew Tierney from Pen Test Partners shows, breaking into a smart lock can be done in less than four seconds with no special tools or IT knowledge.

The Pineworld smart door lock, available on Amazon for $140, has PIN, WiFi, RFID, and fingerprint ID protections along with other features to safeguard your home against an intruder. But, as Tierney says, thieves can quickly drill a hole into the bottom of it, insert a screwdriver and lift the clutch that releases the mechanism.

“I can drill through the side of the die cast housing in 2 seconds. It’s not loud, and it doesn’t need special tools,” Tierney says on Twitter. This is possible because the casing is made of aluminum alloy, which is much softer than steel and easier to form into attractive shapes. He explains the entire process here.

The researcher says nearly all electronic locks can be drilled and are physically weaker than their non-connected, dumb counterparts. As he puts it, an electronic lock is easier to control, but that does not make it more secure against traditional hardware tools.

Sometimes, even the ‘smart’ part is easy to fool when there is physical access, without leaving any sign of force. Some NUKI lock models, for instance, may pair via Bluetooth with any phone nearby when the button inside the house is pressed for a few seconds. If you think this is unrealistic because the burglar needs to be already in, read on.

Such a NUKI lock mounted on a front door with a letterbox slot can be unlocked with an easy-to-make rigid structure, a smartphone, and a camera. A video below demonstrates the “hack,” which is similar to what we see in action flicks when thieves break into a safe, except that it uses a very crude contraption.

In this scenario, thieves use the camera connected to the phone to guide the structure through the letterbox slot to the NUKI lock handle and press it for three seconds to start the Bluetooth pairing process. With NUKI’s mobile app running with default settings, the thieves can get the status of the lock and change it.

This method of physically forcing a smart lock open is less messy and somewhat more elegant than drilling. Yet both have the same result and take about as much time: a few seconds. For all the security features on the software side, smart locks aren’t really as smart as they seem.

Image credit: geralt
