How safe are Bluetooth locks? Most can be hacked without much difficulty

With home automation and the colonization of our homes by electronics, more and more uses are covered by some smart device. Something that has been booming for more than a year is Bluetooth smart locks, such as those we saw from Tesa or August, but at the DEF CON hacker conference in Las Vegas it has been shown that they are not all equally safe and that many of the existing ones can be unlocked easily.

This is the work that engineers Anthony Rose and Ben Ramsey presented a couple of days ago. It demonstrates something that most manufacturers apparently ignored (or did not want to know about): unlocking was possible in 12 of the 16 products tested.



A simple method for tight security

As on other occasions, the technology and tools used to hack or unlock the locks are relatively simple and affordable, as in cases like the hacking of a voice assistant with a radio and headphones, of wireless keyboards with a $12 device, or of monitors with malware, which we saw this morning.

This time it is a maneuver performed with four instruments, including a Bluetooth sniffer, which, as one can imagine, detects and reads information from the signal. The one used in this case is Ubertooth, with an approximate cost of $100. Alongside the sniffer, the engineers needed a USB Bluetooth adapter, a Raspberry Pi and a directional antenna to extend the signal.

How can they be unlocked? In some cases because manufacturers hand it over on a plate, sending the password in plain text, so that it is completely exposed to being read and changed. Specifically, this occurs in the Quicklock, iBluLock and Plantraco models, which send the password twice (from the lock to the handset and vice versa), so that the engineers could change the original password. It is more or less summed up in this sentence:

Thus the user can no longer operate the lock, since they are continually trying an incorrect password. Furthermore, the method to reset the lock is to remove and reinstall the battery, but access to it is protected by the lock's password, ergo the new password is needed to unlock it.

Few are spared

Are the locks that send the password encrypted spared? In theory they should be, but in practice they apparently did not pass the sniffer test either. In at least one of the models that protected the password, unlocking could be achieved by capturing this password and sending it back to the device (like a boomerang). As shown, the lock was opened even though they did not manage to decrypt the password.
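The capture-and-send-back unlock described above works because the lock accepts the same bytes every time. As an added example (not from the researchers' work or any vendor's firmware; the class names, the HMAC construction and the key are assumptions made for illustration), this sketch contrasts that design with a challenge-response check that rejects a recorded message:

```python
import hashlib
import hmac
import os

KEY = os.urandom(16)  # constructed shared secret, assumed to be set at pairing


def tag(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


class StaticLock:
    """Weak design: the unlock message is identical on every use."""
    def __init__(self, key):
        # Opaque to a sniffer, but constant, so it acts as the password itself.
        self.expected = tag(key, b"unlock")

    def unlock(self, message):
        return hmac.compare_digest(message, self.expected)


class ChallengeLock:
    """Hardened design: each unlock must answer a fresh random challenge."""
    def __init__(self, key):
        self.key, self.nonce = key, None

    def challenge(self):
        self.nonce = os.urandom(16)
        return self.nonce

    def unlock(self, response):
        if self.nonce is None:
            return False  # no outstanding challenge
        expected = tag(self.key, self.nonce + b"unlock")
        self.nonce = None  # single use: a recorded response is worthless later
        return hmac.compare_digest(response, expected)


def demo():
    static = StaticLock(KEY)
    captured = tag(KEY, b"unlock")  # what the owner's phone sends every time
    static_results = (static.unlock(captured), static.unlock(captured))
    lock = ChallengeLock(KEY)
    recorded = tag(KEY, lock.challenge() + b"unlock")  # owner's valid answer
    owner = lock.unlock(recorded)
    lock.challenge()  # a later session gets a new nonce
    replay = lock.unlock(recorded)  # the same bytes sent again
    return static_results + (owner, replay)
```

Calling demo() returns (True, True, True, False): the static message opens the lock on every resend, while the recorded challenge response is refused in the next session.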

In other cases the engineers took advantage of flaws in the encryption method, sending random data packets to determine the response of the device. They managed to open the Okidokey model by modifying a single byte in the encryption (e.g., as they show in the work, “b6” to “00”), and the Bitlock by using a mobile app and gaining access to the cloud server.


In addition to the above, the devices tested include those from Kwikset, Masterlock, Vians, Ceomate, Noke, August and Elecycle. Of these, only the newest from Kwikset, August, Noke and Masterlock, which run on two-step authentication, managed to dodge the hack. However, the author notes that even those that withstand this unlocking do not stand up to a screwdriver, citing YouTube videos like this.

As mentioned at the start, they managed to unlock the lock in 75% of cases. What they want to show with this is that not all locks offer the same degree of security even though they work via Bluetooth, reporting in turn the answers (or rather the lack of them) from manufacturers, as collected by Tom’s Guide.

Twelve manufacturers were contacted. Only one answered, and said: “We know it is a problem, but we will not solve it.”

It is not an easy maneuver, and even with the sniffer not everyone could do it, since at least some relatively advanced software knowledge is required. But it is striking to see devices whose primary use is security (from bicycles to houses) exposed like this. We’ll see whether manufacturers, despite not saying so for the moment, solve the problem to prevent this unlocking, which can also be done within a radius of about 400 meters.
