Popular Smart Lock Has a Major Security Failure
Home automation and integrated smart locks are becoming ever more popular devices. Having appliances, security cameras, lighting, thermostats, irrigation systems, and entertainment centers all connected to a hub is revolutionizing the way homeowners operate. They can program and operate all of these electronics in and around their house with voice command or remotely from an app.
The advantages of smart home automation include convenience, saving time, and saving energy. They are also relatively easy to install. Some product developers and homeowners have also claimed that smart locks have helped increase residential security. Since their debut on the market, however, others have doubted the idea that an electronic lock can provide a high level of security.
Let’s review the latest case for security concerns about smart lock technology and what steps manufacturers are taking to ensure that your home is locked tight.
Table of Contents
Are traditional locks more secure than keyless locks?
Homeowners and security experts have wondered about the safety of these types of home automation networks since they hit the market. Safety breaches have been the main topic of concern. Many speculated that connecting a lock to the internet would make hacking possible. This would mean that, once someone had gain access to the system, they could gain entry to the house. However, smart lock manufacturers have continued to reassure consumers that these innovative devices are even more secure than traditional keyed lock mechanisms.
The number of smart home devices sold in America is expected to reach 832 million this year, making this a growing security concern. In fact, government bodies – including California and the U.K. – are pushing for stricter security features in devices that connect to the internet.
Related article: Are Smart Locks More Secure than Regular Locks?
Evidence that Smart Locks Can Be Breached
Recently, a team of security researchers found a significant vulnerability in one of the most popular smart home hubs. Chase Dardaman and Jason Wheeler published research showing a security flaw in a particular smart home device. According to their tests, the ZipaMicro Z-Wave smart hub controller can be hacked.
This Z-Wave hub model was designed to control residential lighting systems, thermostats, security cameras, and locks for integrated home automation. It also works with third-party smart electronics. Customers appreciate that it’s easy to use and less expensive than similar devices. According to the manufacturer, more than 20,000 homes and residential facilities rely on this device.
The two researchers outlined three critical security threats related to the hub made by the Croatian company, Zipato. These flaws essentially make it possible for someone to hack the hub and unlock a home’s smart lock. Dardaman and Wheeler found that it was possible to:
- Remotely unlock an exterior door without having gained access previously.
- Activate a smart lock connected to the same network as the hub.
- Utilize data found on one hub to open another door within the same network.
The scariest finding was regarding apartment facilities using a single, unified smart hub. Once hacked into the system, the researchers said, it would be possible to open virtually any smart lock connected to the same network. This means it could potentially allow uninhibited access to multiple apartments in the same complex.
How Hackers Unlocked the Smart Device
Cracking the system wasn’t easy though. In order to hack into the hub, they had to utilize the same Wi-Fi network connected to the hub. The information needed to do this was found by hacking into the smart home controller. They were able to crack the password-protected sub-directory and reach its memory card. Here, they were able to find the hub’s private SSH key. This private credential grants the highest level of access.
With the SSH key, an intruder could operate the home automation hub as if he or she were the homeowner. The system was engineered in a way which wouldn’t require the intruder to know the password or access code. At this point, with just a few clicks, a skilled hacker could activate the smart lock synced to the hub. Locking and unlocking the front door would just require a few commands written in computer programming code.
Making Smart Door Locks Even More Secure
Zipato responded quickly to the news about these security flaws. Within a few weeks, the company implemented significant modifications. These included providing each hub device with a unique private SSH key. More advanced smart devices are now available from the brand and product developers are always working to increase security.
Residential Locksmith Services
Looking for ways to make your life easier and protect your home better? Request a consultation with an experienced locksmith. For purchasing assistance, installation, repair, or maintenance, contact Great Valley Lockshop. Call us at (610) 644-5334 or get a free estimate here.