JavaScript must be enabled in order for you to see "WP Copy Data Protect" effect. However, it seems JavaScript is either disabled or not supported by your browser. To see full result of "WP Copy Data Protector", enable JavaScript by changing your browser options, then try again.

Can Smart Locks Be Hacked? – Are Smart Locks Worth It?

blank

K eyless locks are the new trend. They save you when you come home with the hands full of groceries or every time you find yourself at work thinking if you closed the door back home. The truth is that they are far more comfortable than a conventional lock. You can pair them with your phone and create codes for your family members. You can also generate temporary passwords for your guests or renters and delete them at the end of the visit. Moreover, you can open the door every time you have a package delivered, even if you are not home. Thus, you will never find your brand new Smart TV completely wrecked by the rain.

So, we’ve established that they are comfortable. But now comes the big question. Are they as secure as the companies present them? In the end, they are digital devices, and we all know that everything digital can be hacked. Have the manufactures found a way to give us complete peace of mind? Can we trust our lock or is the garage door code-breaking story happening again?

Let’s find out.

Make sure you know every time somebody is trying to get into your house. Take a look at Schlage BE479 Sense and the options it has to offer. Among them, the alert it sends every time it senses signs of forced entry is the most appealing.

Man unlocking a smart lock through fingertip identification Image

What is a Smart Lock?

The intelligent version of a traditional unit, this device uses the same deadbolt system. Nevertheless, in this case, it isn’t actioned manually but by a built-in motor, which waits for the right electrical impulse to bolt or unbolt the door. Electronic units come with keypads or can be paired with a phone through communication protocols like WiFi of Bluetooth, and they don’t require the use of a tangible key. It will be the password or the command from the phone that will trigger the response in the motor.

Depending on the price, they can offer more or fewer features. But if you are willing to invest more, you can get a model with a camera, intercom, anti-theft settings, or emergency alarm. Among the options these units can offer, you can also find biometrical recognition, which means that you will be using your finger or eye to open the door, and even voice control.

Reliability is everything when it comes to protection systems, so take a look at our top-rated smart locks and get one manufactured by a trustworthy brand. We’ve made sure they comprise high-quality encryption systems and variate access options.

A brocken lock and code, suggesting security data breach Image

Are Smart Locks Secure? Can They Be Hacked?

While in the safety business nothing is a secure as we would want it to be, and no lock is unbreakable, if you pick a dependable brand, you shouldn’t encounter big security problems. Things have changed in the last years and electronic locks are no longer at the beginning when hackers could easily find their way in. Nevertheless, the problems detected by the researcher Anthony Rose in 2016 are still present in some models, so let’s take a moment and analyze them to see how your electronic security system can be breached.

In his presentation held at DEF CON 24 in 2016, Rose tested 16 Bluetooth models and managed to hack 12 of them. Some didn’t put any resistance while others broke after a few attempts only. Here are the problems highlighted by this experiment:

Plain Text Passwords

This issue was identified in four of the twelve units that couldn’t resist a hacking attack. More exactly, these units were transmitting the passwords in plain text, which means that they weren’t altered in any way but saved in the exact form in which they were introduced. Thus, it would be enough for the hacker to access the database and steal the passwords as they were.

But the issue didn’t stop here. If you thought that this problem could be overcome by changing the password more often, then you should know that Rose managed to access the main password, the one that belonged to the admin, and change it. If this happened to you, it would mean that you won’t be able to access the system anymore, with the hacker having you blocked outside the house.

Fuzzing

This method has appeared as a tool used by programmers to test if the program they are developing has any bugs. It consists of a series of tests during which random data permutations are sent toward the program to check if it shows any liabilities or defects. But hackers are programmers as well, with the difference that they usually play for the other team, so there’s no wonder that they adapted the technique to challenge electronic security systems.

So, the researcher used it as well in his experiment to try to overpass the lock’s security system. He modified the bytes in the encryption key and constantly transmitted these altered packages toward the unit, which eventually broke in front of this attack, showing an error and unbolting the mechanism.

Spoofing

When using this method, the intruder will mask their identity to seem that the device asking for information is already known and trusted by the network. Thus, the researcher used a Raspberry Pi to seem like it was the lock and asked the cloud server for the password, which immediately transmitted it to him. Then he just directed it toward the lock and got access.

Person holding a chip Image

Decompiling APK files

These types of files are necessary for the Android system to run the software or an app. The thing here is that hackers can access the code and decompile it into Java code, which makes it easier to read. From here forward, it is all research. The intruder will look for info that can be used to crack the device or rewrite portions of the code.

In his experiment, Rose found one lock that had the password hardcoded into the code, so it was easy for him to just use it and unlock the system.

Replay Attacks

This method is used frequently by hackers to intercept a data transfer and either redirect or delay it to use it to their benefit. As the encryption remains unchanged, when the hacker launches their attack, the system will treat it as a valid request and either execute a command or allow them admission to the system. Thus, the signal you are sending to your lock through your phone or remote control can be captured by the hacker and used another time.

Among the strongest on the market, Kwikset Kevo 2nd Gen is a model that will bring you peace of mind. The greatest feature it offers is that it looks like a standard lock, so it won’t draw the hackers’ attention.

A network of locks suggesting security Image

How Can You Prevent Your Lock from Being Hacked?

Since 2016, the most important brands in this industry have worked to solve these problems, and, according to their recent statements, they managed to upgrade the defense of their systems. Nevertheless, you should be aware that it isn’t always the manufacturer’s fault when a breach happens. There’s an unwritten agreement between the provider and the client which states that care should be shown by both parts. It isn’t the company’s fault if you have installed their unit but forgot to close the door.

So, here is some advice that can help you make the most of your electronic unit:

  • Always purchase your units from a trustworthy company – Remember that Rose only managed to break 12 locks out of 16, so some brands have been paying more attention to their devices than others. The 4 units that resisted hacking were produced by Noke, Masterlock, Kwikset, and August, so this could be a good start when picking your device. Other reputable companies that can guarantee upgraded security are Schlage and Yale.
  • Check the specifications – Things may get a bit geeky here, but you can make an effort and check for your unit to use 128-bit AES encryption, which is actually the one used by the U.S. government. At the same time, make sure the system can offer 2-Factor Authentication, which means that it will require you to introduce either a code and a vocal command at the same time or a code and fingerprint authentication. Basically, you won’t be granted access unless you manage to provide the right data for two identification methods. This system is usually harder to break by hackers.
  • Find a model that allows you to set long passwords – At least sixteen characters should be the rule, and you should take advantage of this feature. Do not set short or predictable passwords. It is obvious that 1234 is out of the question.
  • Always update the software – It may seem that you are always in a rush, but you can take two minutes to allow the app to download and install the latest update package. You can leave your game or your music app wait, but when it comes to the protection of your residence, you should never postpone this task.
  • Check the mechanics – It isn’t enough for your digital unit to be strong on the software side. Hardware is just as important. If you get a weak unit, the intruders won’t even need to break your code. They can just go back to the old screwdriver method. In this direction, you can use the ANSI grade system, which will tell you how strong your unit is. You will want to acquire one graded with the highest security level and this would be 1. A unit graded with 1 will be able to endure 10 strikes of 75 lbs of force and up to 1,000,000 of locking and unlocking cycles.

You can get full convenience and stay safe at home with August Smart Door Lock. It pairs with your phone, and it pairs with Alexa. Moreover, the encryption technology is 128 AES, so you will get the same data protection as the U.S. government.

Are Smart Units Safer than Traditional Units?

If we are doing a side-by-side comparison, the main difference that can be identified is that a traditional system cannot be hacked, as there is no code to be broke. Both of the mechanisms, on the other hand, can be removed manually if the intruder is skilled.

So, what does an electronic model offers extra to make a better choice? Well, if you have picked a well-known brand and followed all the suggestions from above, an automatic lock can offer you more security than you would expect. Note that some models come with alarms that will sound if somebody is trying to move the unit or mess with the code. You can opt for a model that includes a camera and see who’s at the door from your phone. Moreover, you can get detailed registries with the dates and hours when the door was used.

A person dialing a code on a smart lock keypad Image

So, Are They Worth the Money?

An automatic unit is more high-priced than a traditional one, with prices that can vary from $100 to $300. Consequently, the question we are trying to answer is a valid one. As we have explained, you will only get high levels of security if you invest in a good unit, therefore the prices should push more toward the upper limit, and you may have to change your locks more often as the technology evolves and these systems become more complex and safe.
The main reason you will want one, though, is because it is convenient. It doesn’t require you to carry or hide a key and gives you the peace of mind that your door is locked in moments when you start doubting you have remembered to do it. Moreover, it can be an excellent pick for families with kids, who won’t misplace the key anymore but use the code to enter the house.

If you are afraid that intruders can read your code by your fingertips, opt for Schlage BE469. The keys are fingerprint resistant, so no mark that can give away your password will be left behind.

The Bottom Line

Sometimes you will find locks that seem to have it all solved. They promise impeccable security measures, 4 or more access options, a dedicated app, and a price that is lower than the average. They are tempting but think that it is your family’s security you are buying and that it isn’t the moment to be cheap. If you are buying a smart unit, make sure it is produced by a dependable brand and that it complies with all the protection standards we have listed. Moreover, do what is expected from your part to reduce security breaches. Set a long password and don’t save it in a place where it can be easily retrieved. And make sure to install the unit correctly, so regular intruders don’t break through an intelligent lock with a screwdriver.

Trystan Jensen
Trystan Jensen
Trystan is a trusted reviewer who has extensive experience in customer satisfaction gained while he worked as a market research analyst. He is well aware of what consumers want, as well as what they expect the most from the acquisitions they make. It is his personal interest in technologies that help improve life quality combined with his attentiveness to detail and customer experience that make Trystan an unending source of qualitative content.