Stay Away from Bluetooth Home Locks

18 Aug 2016

We should, for the time being at least, stick to mechanical locks for our homes and businesses.  As with hacking car security systems, it is possible to hack so-called Smart Locks using a combination of a US$40 Raspberry Pi, a US$50 high-gain antenna, and a US$15 USB Bluetooth dongle.

Security researcher Anthony Rose presented his method to the DEF CON hacking conference in Las Vegas recently, stating: “Smart locks appear to be made by dumb people,” Rose said. “Lots of manufacturers choose user convenience over security and aren’t bothered about fixing their hardware.”

It seems that even those with reasonable electronic security can be cracked open using hardware methods; in one case just using a screwdriver.

We need to remember that if we can use NFC or Bluetooth to unlock a device, it is highly likely that a 'baddy' can do the same by hiding a transceiver in the bushes near your front door to capture your unlock signal.

References:
https://www.wired.com/2009/08/electronic-locks-defeated/
http://www.theregister.co.uk/2016/08/08/using_a_smart_bluetooth_lock_to_protect_your_valuables_youre_an_idiot/
https://www.defcon.org/html/defcon-21/dc-21-vendors.html

Happy hacking,
Terry