Technology has transformed the traditional lock into the smart lock. With the emergence of smart locks, the days of mechanical locks and keys are almost over: these devices can now be opened over anything from Bluetooth to the Internet. As interesting as that sounds, they have become a nightmare, because the very devices meant to secure your home are not very secure after all.
Andrew Tierney, Security Consultant at Pen Test Partners, spoke to hardwear.io about the security of smart locks. His talk, "Z-Shave. Exploiting Z-Wave downgrade attacks", is on 14th September at hardwear.io 2018.
Andrew: In general, most smart locks are less secure than their mechanical counterparts, and certainly more expensive! Many of the locks we have looked at have had very poor security, but it's hard to tell from the outside.
Andrew: Everything! BLE, Zigbee, Z-Wave, WiFi, RFID, electronics, the hardware itself, glitching, high power RF, conventional picking, bypasses and brute force!
Andrew: At the hardware level, we find that many locks still allow the firmware to be read out easily. This makes reverse engineering much easier. But more importantly than that, many of them still allow firmware to be written to them without any checks beyond a CRC, allowing malicious firmware to be loaded. We have seen a lot of problems with the sensing technologies used in locks - things like Hall effect sensors being triggered by magnets outside the lock. And there is still the elephant in the room - de-auth attacks against WiFi. Why is no one talking about this? You can DoS most wireless cameras and locks trivially!
Andrew: Why? Hard to say. One-way RF systems - like older car remote keyless entry - often suffer from replay because things like challenge/response and synchronization aren't possible. I think many of those designs have fed through to later systems, despite them using two-way RF systems like BLE and WiFi. The best solution is challenge response with nonces, by far. Still lots of gotchas.
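The replay problem and the challenge-response fix described in the answer above, as an added Python simulation that is not code from the interview or from Pen Test Partners: a one-way design whose fixed authenticator is accepted again when the same bytes are presented later, beside a two-way design in which the lock issues a single-use random nonce. It assumes a symmetric key shared by lock and fob and uses HMAC-SHA256 as the response function; both are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed shared secret; a real lock holds this in fob and lock firmware.
KEY = b"constructed-shared-secret"

def mac(*parts):
    return hmac.new(KEY, b"".join(parts), hashlib.sha256).digest()

# One-way RF design: the fob transmits a fixed authenticator, nothing else.
def one_way_fob_press():
    return mac(b"unlock")

def one_way_lock_accepts(message):
    return hmac.compare_digest(message, mac(b"unlock"))

# Two-way design: the lock issues a fresh random nonce, the fob MACs it.
class ChallengeResponseLock:
    def __init__(self):
        self.pending = None  # nonce of the attempt currently in flight

    def challenge(self):
        self.pending = os.urandom(16)
        return self.pending

    def accepts(self, response):
        if self.pending is None:
            return False
        expected = mac(b"unlock", self.pending)
        self.pending = None  # single use, valid response or not
        return hmac.compare_digest(response, expected)

def fob_respond(nonce):
    return mac(b"unlock", nonce)

def one_way_replay_accepted():
    recorded = one_way_fob_press()         # legitimate press, recorded off the air
    assert one_way_lock_accepts(recorded)
    return one_way_lock_accepts(recorded)  # identical bytes later: still accepted

def challenge_response_replay_accepted():
    lock = ChallengeResponseLock()
    recorded = fob_respond(lock.challenge())
    assert lock.accepts(recorded)          # legitimate exchange
    lock.challenge()                       # a later attempt gets a new nonce
    return lock.accepts(recorded)          # recorded response is rejected
```

The one-way lock has no way to tell a recording from a fresh press; the two-way lock rejects a recorded response because the nonce it was computed over has already been consumed.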
Andrew: We've yet to hear of any electronic attacks being carried out in-the-wild against padlocks or door locks. Look towards cars though, and we are seeing advanced electronic attacks against them - relay attacks and hacks against various cars are common in the UK. I think it is only a matter of time before electronic attacks start getting used, but the technology needs to be more widespread before it becomes worthwhile. I think we will see jammers for common alarms and locks first.
Andrew: My biggest concern at the moment is where they let the conventional physical security down. £200 locks that can be picked in seconds, ripped clean off the door with simple tools, etc., or opened with a magnet.
Andrew: Come to us whilst you are designing the lock, not after you have made it. A day or two of consulting at this stage is worth 10-20 of pen testing!