top of page

Security of locks - what went wrong?

Existing access control systems are outdated, insecure, inconvenient, expensive, and require a lot of supporting network infrastructure. More recently, all existing electronic access control technologies have been exposed as hackable. Sometimes the hacking can easily be done with cheap devices bought online for $10-$30. Some technologies such as metal keys, have been around for over 2000 years. Other technologies such as mag-stripes have been around for 40 years, and have been breaking down for a long time.

The following locks have been found to be insecure and hacked;

Bluetooth locks; in mid 2016, over 75% of bluetooth smart locks on the market were shown to be open to hacks. Many research papers were published online, showing vulnerabilities in Bluetooth locks, and how a device costing around $100 can unlock any Bluetooth lock. Besides being insecure, Bluetooth smart locks are also difficult to pair and are unreliable.

Wi-Fi locks; In October 2017, a massive security vulnerability called KRACK which allows hackers to hijack your W-Fi connection, inject content, steal passwords, and monitor your traffic, was exposed. IoT devices including Wi-Fi smart locks are an "ideal target" for attacks based on the KRACK exploit because of slow patch times and insecure communication.

RFID locks; In June 2017, RFID keycards, commonly used in offices and hotels, were shown to be easily copied at a DEFCON conference using a cheap device costing $10-$20. With this device and some code available online, hackers can easily remotely copy your keycard credentials, and let themselves into your office/hotel room in under 30 seconds. Also the same technology is used in car key fobs, and in mid 2017, a spate of car break-ins using the RFID hack have been happening all over USA and Europe. ​

Magnetic Stripe locks; Back in 2012, over 4 million magnetic stripe locks in hotel rooms were shown to be hackable and easily opened with a device that cost less than $20. More recently, more and more hacks exposing magnetic stripe technology, also commonly found in credit cards as well as hotel rooms, became evident including the Target credit card hack which exposed 40 million people’s credit card numbers in the US in 2014. ​

Zigbee locks; In 2015 Researchers at Black Hat and Def Con warned about security flaws in Internet of Things devices using the ZigBee protocol, leaving Philips Hue light bulbs, smart locks, motion sensors, switches, HVAC systems and other smart home devices vulnerable to compromise.

Z-Wave locks; In 2016, a Z-Wave hacking tool was demonstrated at a hacker conference and was shown to be physically capable of destroying Z-Wave devices.

Metal Key locks; Invented by the Romans over 2000 years ago, metal keys still remain the most predominant lock technology, and have hardly changed in 2000 years. However, these days anyone can watch a 2 minute YouTube video and buy devices online such as a bump key for $10, and learn how easy it is to bump, crack, snap or jemmy open a metal key lock.

Please visit our security lock hack gallery to watch videos, and to learn more about the above hacks.

In conclusion, smart lock adoption has not taken off like many other smart devices such as smart meters mostly due to insecurities, but also due to expensive costs, unreliability and the need for onsite infrastructure. This smart lock resistance can be evidenced when you compare the number of smart electricity meters already installed around the world, with over 64 million installed in 2015 alone in the US compared to only around 1 million smart locks globally.

What locks need right now is a secure, purpose built technology, which is licensed and controlled by the world's biggest IT companies - that solution exists and its called Narrowband IoT.

bottom of page