The Internet of Things (IoT) has been something really admired by gadget makers around the world. They’ve made everything from your refrigerators and TVs to your keys and even pregnancy tests all connected. But with great connectivity comes great vulnerability and it has been said and proven before that the security of such “smart” devices is usually very inadequate. To prove this fact and put a bit more light on the very pressing issue, two researchers exhibited something at the DEF CON recently.
Your "smart locks" aren't as secure as you think they are!
The researchers, Anthony Rose and Ben Ramsey showed how they could get access to 12 different such smart locks. The 12 different Bluetooth Low Energy smart locks were all accessed using very cheap hardware that only cost $200. But the point they proved is massive, you could have some really valuable items behind those locks and they could easily be stolen by someone who knew how, so better be careful the next time you put something behind a smart lock.
Some of the smart devices, including Quicklock and iBluLock Padlock stored users’ passwords in plain text format. This means that anyone who has got a Bluetooth sniffer can access to these locks and eventually possible valuables. While other devices such as the Ceomate Bluetooth Smart Doorlock and the Elecycle EL797 were easily accessible using replay attacks. Which are just attacks in which the data is grabbed over the air and replayed, eventually opening the smart locks.
The researchers showcased other methods too, some of which were a little more complicated than the ones mentioned but were still fairly basic. To researchers made a vulnerability report and sent it to the relevant companies but to their surprise only one of the companies responded and they also didn’t offer any patch.
With that being said you might wonder how easily accessible smart locks actually are. This shows that there a number of ways a hacker can gain easy access to a locked door without the need for any authorized keys, and knowing the pin to a lock doesn’t really raise any suspicion. So I guess it’s time to ask companies to step up their game and to view the potential pros and cons of the IoT.
