Smart Locks May Have Security Deficiencies

December 19, 2016

The Internet of Things looks poised to dominate the future of technology. Our devices are already capable of more than ever before, and soon they will begin to communicate with each other more frequently to give us seamless control over their functions - while also allowing for more autonomous activity.

After all, what's not to like about a thermostat that learns your daily routine and sets the temperature automatically to accommodate you? Who wouldn't want home lighting and other appliances that can be controlled remotely with a smartphone app? It’s your very own smart house.

One particularly interesting innovation from IoT is the smart lock. In theory, these promise to be much more secure than traditional locks, which requires a specific key that can be lost, stolen or copied. Smart locks can be paired with a mobile device and unlocked through an app. There's no chance of anyone picking them.

But that doesn't mean that other risks haven't arisen to fill the gap. We've written before on this blog about how smart devices that make up the Internet of Things may threaten your privacy. Now, let's take a look at how one innovation can leave you surprisingly vulnerable.

Why smart locks may not be so smart

According to a recent report by The Next Web, a fancy smart lock may not actually be any more secure than its traditional counterparts.

Anthony Rose and Ben Ramsey, both of Merculite Security, used simple hardware to test the vulnerabilities of many common brands of locks. What they found was that while there are advantages to not requiring physical keys, smart locks often use surprisingly insecure methods of reading and sending information.

For instance, some of the smart locks that were tested transmitted passcodes in plain text over Bluetooth. The lack of encryption meant that anyone passing by using a Bluetooth sniffer could, in theory, have stolen the passcodes and used them later, The Next Web reports.
In addition, other locks proved vulnerable against what is called a "replay attack." This simply means that other mobile devices could capture the signal from a user locking or unlocking their smart lock and then use it again later to do the same thing. As The Next Web explained, this is similar to the phenomenon where you might accidentally open your neighbor's garage door with your opener.

Poor physical security limits privacy

Obviously, there are many reasons why you want your home to be locked up tight. You want to keep out violent intruders, as well as burglars looking to steal money and valuables. But you also have to protect the sensitive documents lying around your home. If these are ever stolen, the financial burden could be worse than simply losing some cash. Thieves can open credit accounts in your name, impersonate you, and ruin your credit.

The fact is that no lock is perfect. It's important to do your research before purchasing a smart lock system and a good idea to have backup security measures in place as well.

It's hard to live life to the fullest when you're constantly looking over your shoulder for identity theft and other personal crimes. Start doing more to help protect your identity and enroll in Identity Guard. By leveraging IBM Watson technology, Identity Guard is always working to provide you with powerful identity protect for you and your family.

Related News

September 27, 2018
New Law about Free Credit Freezes

Credit reporting agencies have started to offer free credit freezes for individuals who may be the victims of fraud, due to new laws passed by Congress.