Hi G33Ks It’s an open secret that the Internet of Things (if we must call it so) is pretty terrible, whether in standards, interoperability or security. You don’t really expect good security in a smart light bulb or coffee maker, though. A smart* front door lock*, however, really shouldn’t be quite this easy to hack.
Two different presentations at DEF CON this year made it clear that there’s a long way to go before we should start trusting the average smart lock — or even the nice ones (though if you had to choose, the latter is the better). This may surprise you, or you might have been saying it for years. At all events, these guys proved it with gusto. Anthony Rose and Ben Ramsey, from Merculite Security, showed off a bit of lock hacking <https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Rose-Ramsey-Picking-Bluetooth-Low-Energy-Locks.pdf> done with less than $200 worth of off-the-shelf hardware. Some opened easier than others, but in the end 12 out of 16 yielded. Locks from Quicklock, iBluLock, and Plantraco transmitted their passwords in plaintext, making them vulnerable to anyone with a Bluetooth sniffer. Others were tricked by the attacker simply replaying the same data they snatched out of the air when a legit user unlocked the door. Another entered a failstate and opened by default when it received an encrypted string that was off by one byte. [image: vulnerable_locks] <https://tctechcrunch2011.files.wordpress.com/2016/08/vulnerable_locks.jpg> Worth noting as well: doing a bit of wardriving, the two found plenty of locks identifying themselves as such, making it easy for an attacker to find devices to listen in on. References: https://techcrunch.com/2016/08/08/smart-locks-yield-to-simple-hacker-tricks/ Cheers Naik -- You received this message because you are subscribed to the Google Groups "NFORCEIT" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send an email to [email protected]. Visit this group at https://groups.google.com/group/nforceit. For more options, visit https://groups.google.com/d/optout.
