As Bluetooth locks became more popular, researchers found that 12 of 16 such locks were vulnerable to hacking and were used from a distance of 400 meters using simple tools.
At the Las Vegas Hacking Conference last week, researcher Anthony Rose showed how to attack Bluetooth locks with a $100 Ubertooth sniffer, a $40 Raspberry Pi, a $50 high-performance antenna and a $15 USB Bluetooth adapter.
"The design of smart locks is very stupid," Rose said. "Many manufacturers pay more attention to the convenience of users than security."
Some of the smart locks tested are very easy to crack. Quicklock's door locks and padlocks, IBluLock padlocks, and PlantracePhantomlock all transmit passwords in clear text, making data very easy to capture by data sniffers.
In addition, five smart locks are vulnerable to replay attacks, that is, when the lock is used, the hacker collects the signal and stores it, and sends the unlock device again. The five devices are CeomatheBluetoothSmartDoorlock, LaguteScienerSmartDoorlock, ViansBluetoothSmartDoorlock, ElecycleEL797 and EL797Gsmartpadlocks.
Rose said that his unlocking method is just one of them, and there are other ways to unlock it. Just like the SimpliSafe incident that took place in February, the attacker only needs to hide a sniffer in the bushes and then come back and take it away.
Some manufacturers still make the most basic mistakes that make the product extremely vulnerable. The Quicklock vendor uses only 6-digit passwords, which is highly vulnerable to brute force attacks. What's even more ridiculous is that the firewall administrator password of another vendor is "thisisthesecret", and finding it is not difficult at all.
There are loopholes in the source code of many locks. Rose attacks the system by sending malformed packets, so the lock is automatically opened.
Rose notified the 12 vendors but did not receive a positive response. A Chinese manufacturer closed the site but still sells it on Amazon. In addition, 10 companies did not respond. There was another who replied to him but said that he would not fix it.
But fortunately, four vendors performed well, namely NokeLocks, Masterlock, Augustdoorlock and KwicksetKevo. Rose said that KwicksetKevo's locks have an excellent software security system for strong encryption, but the workmanship is very poor, and can be removed in a few seconds with a screwdriver.
ã€
The Intelligent Energy Storage System
The Intelligent Energy Storage System,Large Photovoltaic Grid-Connected Power,Grid-Connected Power Generation System,Photovoltaic Grid-Connected Power Generation System
Fuzhou Mei Li Cheng Imp&Exp Co., Ltd , https://www.mlc-solar.com