Hacking a Smart Door Lock May Be Hard, but ‘Drilling’ It Is Easy

Smart locks are growing in popularity because they’re easy to install and use, and promise security with a lot of interconnected features. Fingerprint ID, PIN, WiFi and connecting to your smartphone are only some of those features, and they guarantee that nobody can hack into your smart home.

While many of these IoT products strive to be invulnerable on the software side, they neglect a very important aspect: thieves can still force their way in, physically. As Andrew Tierney from Pen Test Partner shows, breaking into a smart lock can be done in less than four seconds with no special tools or IT knowledge.

The Pineworld smart door lock, available on Amazon for $140, has PIN, WiFi, RFID, and fingerprint ID protections along with other features to safeguard your home against an intruder. But, as Tierney says, thieves can quickly drill a hole into the bottom of it, insert a screwdriver and lift the clutch that releases the mechanism.

“I can drill through the side of the die cast housing in 2 seconds. It’s not loud, and it doesn’t need special tools,” Tierney says on Twitter. This is possible because the casing is made of aluminum alloy, which is much softer and easier to shape into attractive shapes than steel. He explains the entire process here.

The researcher says nearly all electronic locks can be drilled and are physically weaker than their non-connected, dumb counterparts. As he puts it, an electronic lock is easier to control, but that does not make it more secure against traditional hardware tools.

Sometimes, even the ‘smart’ part is easy to fool when there is physical access, without leaving any sign of force. Some NUKI lock models, for instance, may pair via Bluetooth with any phone nearby when the button inside the house is pressed for a few seconds. If you think this is unrealistic because the burglar needs to be already in, read on.

Such a NUKI lock mounted on a front door with a letterbox slot can be unlocked with an easy-to-make rigid structure, a smartphone, and a camera. A video below demonstrates the “hack,” which is similar to what we see in action flicks when thieves break into a safe, except that it uses a very crude contraption.

In this scenario, thieves use the camera connected to the phone to guide the structure through the letterbox slot to the NUKI lock handle and press it for three seconds to start the Bluetooth pairing process. With NUKI’s mobile app running with default settings, the thieves can get the status of the lock and change it.

This method of physically forcing a smart lock open is less messy and somehow more elegant than drilling. Yet both have the same results and take about as much time: a few seconds. For all the security features on the software side, smart locks aren’t really as smart as they seem.

Image credit: geralt