Nearly half of Americans either have or hope to invest soon in smart home technology, a Coldwell Banker survey found. They probably don’t know that the smart home feature the survey found “most appealing” to homebuyers can be hacked.
DEF CON, an annual “hacking conference,” was held earlier this month in Las Vegas. The event attracts everyone from security companies to enthusiasts to curious spectators, and this year that group included Merculite Security.
The company, represented by security researchers Anthony Rose and Ben Ramsey, presented on the vulnerabilities of smart locks. The two revealed that the Bluetooth on several models from several manufacturers can be cracked…from a quarter mile away.
In their presentation, Rose and Ramsey explained how hackers, using only $205 worth of equipment, could crack 10 separate smart locks:
- Quicklock Doorlock & Padlockv.15
- iBluLock Padlock v1.9
- Plantraco Phantomlock v.16
- Ceomate Bluetooth Smart Doorlock v2.0.1
- Elecycle EL797 & EL797G Smart Padlock v1.8
- Vians Bluetooth Smart Doorlock v1.1.1
- Lagute Sciener Smart Doorlock V3.3.0
- Okidokey Smart Doorlock v2.4
- Mesh Motion Bitlock Padlock v1.4.9
- Poly-Control Danalock Doorlock V3.0.8
For buyers, these locks are liabilities.
But the vulnerabilities weren’t inherent in all locks. Rose and Ramsey also identified four models with locking mechanisms they were unable hijack:
- Noke Padlock
- Masterlock Padlock
- August Doorlock
- Kwikset Kevo Doorlock
While the Kwikset remained unhacked, the researchers were able to crack it using more conventional means (i.e. a screwdriver).
A security concern
When Coldwell Banker asked what technologies a home needed to be considered smart, 63 percent responded “locks and alarm systems.”
Buyers want them, and sellers are buying them.
A series of surveys from Kwikset, a smart lock company, tracked a 180 percent increase in smart lock adoption from Jan. to Sept. 2015. It’s a good bet that a number of those adoptions include locks vulnerable to a hack.
Merculite didn’t include a definitive list of which locks are safe and which aren’t in its presentation, but the presenters did provide a sort of checklist of features typical in “uncrackable” locks that agents can relay to their buyers and sellers:
- Proper AES Encryption
- Truly random nonce
- 8-16 bytes
- 2-step authentication
- No hard-coded passwords
- Long passwords allowed
- 16-20 characters