Bluetooth Door Lock

Neat, but I'll bet it can be hacked.

Posted on April 6, 2015 at 6:55 AM • 49 Comments

Comments

Nathan Evans • April 6, 2015 7:12 AM

Of course it can. Just like mechanical locks can be picked and combination locks can be cracked.

Michael • April 6, 2015 7:28 AM

As long as it requires physical access (bluetooth ~33ft) it's probably not significantly less secure than my current deadbolt. And going through a window is even easier.

Clive Robinson • April 6, 2015 7:41 AM

@ Bruce,

... but I'll bet it can be hacked

Almost certainly...

The only question is which bit and how...

1, Via an attack on the phone,
2, Via an attack on the "air interface".
3, Via the lock software.
4, Via the lock electronics.
5, Via the locking electromechanics.
6, Via the lock general mechanics.

Personally I'd start from the bottom of the list and work upwards.

One trick is to try a very powerful quite large magnet and see if you can work the electro mechanics of the bolt mechanism...

Anything below number 3 is unlikely to leave data in the software logs, unless the lock designer is sufficiently paranoid, and the USD price suggests they are unlikely to be...

Clive Robinson • April 6, 2015 7:46 AM

@ Moderator,

We appear to have a "link looney" that's all atwitter about their own inability to be popular, they have posted their junk on this blog several times over the past few days.

Simon Barton • April 6, 2015 7:56 AM

The manual is on-line but doesn't inspire confidence.

"When finished the DanaLock will shop up on you web interface."

http://cache-m2.smarthome.com/manuals/73213.pdf

OK, so poor translation isn't a problem, but is an indication of their possible quality controls.

It will be broken at some point (clever people and a test piece can easily be bought), the issue then has to be how users are informed and how any corrective action (patching/configuration changes) are disseminated and implemented.

What is the current usage life for a door lock? 5 to 10 years or more. How long will this be supported for?

I wonder what the insurer's view of it is?

Jeff • April 6, 2015 8:18 AM

There are many variations on this -- hopefully the patent holder is making a fortune. Pitched on Shark Tank, too. I have a version made by KwikSet on my interior garage door. With the phone in your pocket or a dongle on your person, you can just touch the rim of the deadbolt and the lock will open or close. Very convenient. As Clive wrote, mechanical hacking is probably the easiest and it's the same as an ordinary lock (because there's still a key slot). The company sends firmware updates to your phone app, and from there the code goes to the lock via Bluetooth.

Dan • April 6, 2015 8:19 AM

It'll be "hacked" almost instantly, since the code will be either 0000 or 1234!

Thoth • April 6, 2015 8:20 AM

Isn't this kind of electronic door lock already commonplace, especially in server room access control and sensitive areas? But they are more heavily tested and are more expensive than the DanaLock.

I am rather doubtful how secure most RFID door cards or electronic doors are.

Spaceman Spiff • April 6, 2015 8:49 AM

Of course there is no mention of the security/crypto used by the system, if any. My guess is that you should stay FAR away from this cruft!

Spaceman Spiff • April 6, 2015 8:49 AM

Also, they should submit to an open audit of their security code.

wiredog • April 6, 2015 9:02 AM

What is the failure mode? If your phone battery dies or the phone is stolen, can you still unlock the door?

JeffP • April 6, 2015 9:13 AM

Expanding on Clive Robinson's list...

7, Attack a different component, the door. (Maybe it's considered part of #6?)

I know how to operate a chainsaw. If I want to be much quieter, a heavy sledge hammer will make one bang and the door is open. I could break a window, but then I'd have to climb through all that broken glass.

Jeff • April 6, 2015 9:16 AM

@wiredog. The lock still works with a normal key, just like before. In case I don't have my keys, I've hidden a security box inside my garage with a spare key. If the battery gets low, the lock tells your phone and you get a notification. Also, there's a status LED on the inside.

one-oh • April 6, 2015 9:24 AM

@Clive, missing #7: Brute force hack attack on the door frame structure that involves strategic, kinetic placement of a foot belonging to a large person.

It's amazing how many door frames out there are vulnerable to this simple hack.

Jurjen • April 6, 2015 9:27 AM

@trey
"We have customer service representatives available to help you unlock your home remotely in case something happens to your phone."
So the Goji lock has an attack mode not on the list: social engineering.

Martin Walsh • April 6, 2015 9:48 AM

Notice that, whenever something new comes along it's expected to withstand more scrutiny than even the existing solutions?

At a crypto-conference some improvements were being presented and someone balked.."ha, what if someone sticks a gun to your head?" I wanted to ask if that same thing prevented them from using existing solutions. Of course it doesn't.

Information security is far and away the least innovative of all technology. That's why, if I wanted to design and build an encryption application I would choose good application developers 10-to-1 over security "experts" that have never deployed an application that a lot of people have to depend on. And I would definitely avoid the conceited Ivory-tower types that couldn't design shit. They're like a surgeon that hands YOU the scalpel.

I wonder how much mechanical testing you did, of that deadbolt you replaced. Probably none. You went to Home Depot like everyone else and bought an off-the-shelf clamshell packaged thing from China, went home and used a screwdriver to install it. But this? Be sure and fire a couple high-power rounds from a rifle at it, then clamp 440 volts to it and watch it glow red hot. Then come back here and comment what a piece of junk it is.

Dr. I. Needtob Athe • April 6, 2015 10:00 AM

The competing products generally have a distinctive appearance when viewed from outside. This one doesn't because it uses the existing lock hardware, and I think that's an important plus because if someone is going to try to hack it then they at least need to know it's there.

Clive Robinson • April 6, 2015 10:59 AM

@ JeffP, One-oh,

I did restrict myself to just the lock....

However you always have the "Michael Caine" solution ;-)

Or better yet an attack vector from Israel. A very wealthy representative for British Airways had a villa style house which had a lot of valuable possessions in it. As a consequence the doors, windows and walls were more "castle grade". However the owner or their security consultant forgot a lesson about castles from history which was not lost on the attackers. They simply turned up with a cherry picker etc and just took the roof off... Not as much style as Santa but certainly just as quick.

albert • April 6, 2015 11:06 AM

From the Goji ad:
"...Easily and securely send access to your home to anyone with a supported smartphone..."
.
Lovely. While inside, they can access your computer, your personal records, and start your car.
.
The 'latest' craze for lock attacks is liquid nitrogen. It's fast and very quiet. Virtually impossible to resist. Favored by bicycle thieves. LN2 attacks are characterized by lots of little lock fragments. Skill level required for implementation: none.
.
Have a nice day, y'all.

Clive Robinson • April 6, 2015 11:08 AM

@ Martin Walsh,

Your comments suggest you actually have little or no experience of the design, engineering, programming and security auditing of this type of stand alone electronic lock.

I'll give you a hint at the major problem, this lock is designed to give a years service on a couple of coin cells. Get your calculator out and work out what effect this is going to have on not just the electronics but the electromechanical components as well.

Then when you've thought up a reliable solution then test its security.

If you want further hints search back on this blog, it's a subject that comes up frequently enough that it's been discussed in quite some depth before.

wiredog • April 6, 2015 11:46 AM

@ Martin Walsh
If I'm going to spend money on something new it has to be better than whatever is in place and working just fine, or at least well enough, already. If the basic lock costs $13, is the fancy lock worth ten times as much? Or am I better off spending the extra $150 re-enforcing the door frame?

This applies to crypto-systems and other forms of security as well.

Arclight • April 6, 2015 12:28 PM

For the paranoid, we sell a hackerspace-built, open-source access control and alarm system based on Raspberry Pi and Arduino for the firmware side. It's a drop-in replacement for commercial units that use electric lock hardware and Wiegand or RS485 readers. Check out:

http://www.accxproducts.com/wiki/index.php?title=Open_Access_4.0

Can be purchased at WallofSheep.com:

http://www.wallofsheep.com/collections/accx-products

It's also not perfectly secure, but you get a good platform to expand/improve/add your own applications to. It's a project that came out of our hackerspace, 23b Shop.

Arclight

Gorbag • April 6, 2015 12:41 PM

If you're dumb enough to put this on a $13 Kwikset, crypto is the last thing you'll have to worry about. Five seconds with a bump key, or ten with a rake and tensioner, and someone is in with no signs of entry (barring forensic examination of the lock).

Doug • April 6, 2015 12:53 PM

It does appear that in order to hack this device the culprit would need to be in a local jurisdiction. The police may be able to catch the culprit.

The "August" is a similar device; http://august.com/ However, they REQUIRE you to create an online account, from which the device can be controlled and logs your use. With the August the culprit will know when you are not home and can unlock the door and never be in the same country.

d33t • April 6, 2015 1:32 PM

"Neat, but I'll bet it can be hacked."

All doors are built to be opened. None are safe from exploits.

LessThanObvious • April 6, 2015 2:34 PM

It seems like a solution to a problem that doesn't exist. As far as security, people tend to overestimate the level of effort required to break into a typical residence. A hackable lock just adds a layer of potential risk to an already penetrable space, though I don't like the idea of giving burglars a way to quietly open my door while I'm sleeping.

ruhlin • April 6, 2015 3:51 PM

I installed the Kwikset Kevo lock on all the doors in my house a few months ago.

It's not really as usable as it should be. I often have to take the phone out of my pocket and hold it "just right" to get the door to recognize it. Frequently have to re-launch the app. There's no web interface on that one either.

I'm not about to early adopt another one of these things.

Dr. I. Needtob Athe • April 6, 2015 6:31 PM

The Danalock website calls this "a revolution in security." That seems like an odd claim, considering that your door will still open with an ordinary key. This product has obvious potential to compromise your security, but it certainly can't enhance it.

Nick P • April 6, 2015 7:33 PM

Not sure what all the criticism is about. The product's security level is for the type of person who needs just enough security to make a crook pick a different house. That's the vast majority of people who buy more expensive locks, windows, etc. There's ways around all of them but they work most of the time for this goal. This product adds the benefit of convenience and reduced risk for forgetful people. It also adds convenience for high tech, targeted attacks that hit an embedded device, a protocol, and/or a specific phone in combination.

Which aren't common, I'll add. Clive's concern about the battery or some other component failing is the most realistic. Little things like that are why I like waiting for a COTS product to get used by quite a few people for a few years to ensure the kinks are worked out. Similar to my old Windows Upgrade strategy: ignore any release until it hits about SP2 to keep headaches lower. ;)

Nick P • April 6, 2015 7:43 PM

EDIT to ADD

So tired I forgot to revise to add my actual gripe with it. The main gripe I have is that it still leverages weaker tech for protecting doors. It contradicts typical recommendations about door security (quick example). I'd rather see it combined with a deadbolt setup that's worth a damn and link to similar advice for customers. Then, they'd be improving the security of their customers in a real way.

Meanwhile, it's a product with similar security to a door protected by an average deadbolt that is also keyless and leverages something people rarely forget. That's the product in a nutshell.

Dr. I. Needtob Athe • April 6, 2015 8:19 PM

Nick P says, "The product's security level is for the type of person who needs just enough security to make a crook pick a different house."

No, it's for the type of person who doesn't need more security because the product doesn't add any security at all. It only adds convenience.

Nick P • April 6, 2015 9:53 PM

@ Dr. I. Needtob Athe

A technicality easily countered by another: it improves security for the person just adding security to their house or the forgetful person with the backup key in a fake rock.

Clive Robinson • April 7, 2015 12:18 AM

Having concluded that,

1, It does not add to the physical security of the door or frame.
2, It potentially adds many new vulnerabilities.

So in the scope of the door and frame, it's at best on par but more likely a downgrade on security.

So let's widen the scope a bit to a single user, this is where it gets more interesting because on the surface it removes the need to have and control duplicate keys... But does it?

Actually no, because if you lose the physical key you use day to day, you still need a pattern key to cut a replacement for it, and thus this pattern key still needs to be controlled.

However even if you are careful, and never lose your day to day key, you still need a pattern key, because your day to day key will become worn with use and potentially break/snap, so you will need to cut a new one every few years.

So what do you do with your pattern key? Well unlike an emergency key you can keep it inside the locked area somewhere. But this has other issues such as the old "Fagin's Boy" attack. That is someone gains entry via a small window left open for ventilation etc, to either let the crooks in or to find keys to pass on / sell to crooks (oh and don't be like everyone else and leave them in the kitchen / desk drawer...). Similar attacks occur in server rooms / offices where people lift ceiling tiles to use the void to get over the door.

But the point Nick P is making about a "fake rock" applies not to a pattern key but to one or more emergency keys which have to be outside the locked area for traditional systems. However if this is the only use for it, then like "smoke detectors" you will need to change the batteries way more often than you will use it, oh and you will also need to install the app on your new phone you upgrade about once every 18 months, if the app is still available and will work on it in a couple of years time.

Thus the potential weakening of the security of the door and frame by adding this lock needs to be considered against the weakening of security caused by an emergency key. Similar logic applies to "other access" keys used by other family members / office workers and "occasional / one time access" keys used by trades people etc.

You can make various "security tree" maps and assign your own weights of probability / risk to them, importantly though as consumer grade battery powered electronics are used don't forget to include that in the security tree, it will be by far the most significant risk.

But... don't forget the human element, ask yourself a question, what is your ratio between forgetting your keys and forgetting to charge your phone... most people I know very very rarely forget or lose their keys, forgetting or more often not being able to charge their phone is a weekly or monthly event...

Also ask yourself the "putting out the trash" question, which are you more likely to do pick up your keys, pick up your phone or neither, when you carry out those trash bags leaving the door ajar, for a gust of wind etc to slam the door behind you?

From my point of view such a lock is going to be way way more trouble than it's worth even as a "geeky gimmick". Because the only time I've ever had to call a locksmith was when someone had broken in and in trying to get out had turned a "blind dead bolt" the previous owner of the property had installed, and that was more than a quarter of a century ago. All the locksmith did was use a chisel to lift the doorframe beading, and cut through the cheap deadbolt with a pad saw. He did this in preference to removing the quarter light window and putting his arm through --which male idiot burglars tend to do-- because as he pointed out, the patterned glass might be difficult to replace.

Ole Juul • April 7, 2015 1:29 AM

Just a toy. I too wonder how long it will last, and note that a classic lock will easily last 100 years. Standard Yale locks are not all that secure as they're fairly easy to pick, but they have the advantage of being cheap to manufacture and buy. Lever locks (commonly called skeleton) are more expensive, but a 5 lever one is much more difficult to pick than a Yale lock.

So this one can probably not compete with the practical value (reliability and price) of standard locks. And it is not more secure because it is still as easy to pick.

I note one particular huge design fault. It uses electricity. The problem with electricity is it is not universally available, such as for example, gravity. Where it is found, it is also highly likely to fail. It is simply not something which can be used where both security and reliability is demanded. In that regard, I note that bank safes use a windup movement to determine the opening time window. There's a reason for that.

fajensen • April 7, 2015 8:07 AM

For me, the trouble is not that it can be hacked. The problem is that when it is hacked, how do I prove to the insurance that I was burgled?

The IT-skills amongst insurance-people, police and lawyers is not exactly top-of-the-class, to put it mildly, without derogatory language, and no improvement is in sight (because, if "they" admit that computers are hackable and can be controlled remotely by 3rd parties, then the concept of jailing "hackers" and "pirates" is irretrievably broken. Servers just didn't happen, officially).

A normal lock will have scratches inside if someone picked or "bounced" it. Brute Force will always allow a thief to get in - but - this is even more visible and obvious to "the investigation" and therefore less of a problem.

John • April 7, 2015 10:25 AM

The problem it solves (a person forgetting his key upon exit) is even smaller than most of you seem to be thinking. I don't know of a single dead bolt lock that doesn't require a key to lock it upon exiting. There's plenty of spring loaded locks that you can lock without a key upon exit, but no dead bolt locks. So the main problem it solves is "Oops, I can't lock the door because I forgot the key, gotta go back inside and get it."

Matthias • April 7, 2015 4:30 PM

@John: Before installing this lock you couldn't get back in without a key, now you can't get back in without your phone. Duh. You always remember your phone when you take out the trash?

Alex • April 8, 2015 7:41 PM

Yay! This product adds a SECOND method of defeating the lock. First would be attacking the mechanical lock itself.

That said, I'll admit to having major love for the Schlage keypad locks. Case in point: my HoA just had about 1/3rd of the keys for the condos "go missing." I never gave them a key, just a code. Easy enough for me to delete & give them a new one. BUT I have no illusion that this is any safer for my house. Each code I add is one more way for someone to get into the house.

jon doh • April 9, 2015 2:49 PM

@john: some people use their garage to get in and out of their house. my key ring includes house keys, but recently when i swapped cars with someone i realized i'd 1) forgotten to get my house keys off the ring and 2) also forgot to get the garage door opener out of the car.

John • April 9, 2015 6:42 PM

@jon doh & Matthias,

I think you both didn't get my point. This Bluetooth device is intended on replacing the knob on the INSIDE of a preexisting deadbolt lock. And there are NO deadbolt locks on the market that you can actually lock without being in current possession of the key. So frankly, it's impossible to forget the key and lock yourself outside. It is possible to lose the key after locking the lock, but forgetting it in the first place just can't happen.

Patrick • April 13, 2015 11:29 AM

Heh, Bluetooth. Recently I was out in the driveway cleaning the interior of our Subaru Outback, and suddenly out of nowhere I could hear my wife talking over the speakers. Turns out she was inside the house making a cell phone call to her sister. She had previously introduced the cell phone to the Subaru so she could do hands-free calls while driving.

Well, the Subaru's Bluetooth evidently sensed her making a call from *inside* the house, and decided oh what the heck, let's just patch her phone call *already in progress* to the car's speakers so her husband can hear it!

Yeah, Internet of Things -- no-ho-ho thank you!

Sherwood Botsford • April 15, 2015 8:46 AM

When our house was burgled last year, I looked at electronic locks.

Executive summary: I installed Schlage manual deadbolts.


Looked at Kevo. It felt flimsy. It has to have very free movement for the tiny motor to move the bolt. This is a general problem with these locks. Any drag results in quick motor failure. Reviews on Amazon on this and other electronically operated locks showed serious reliability issues. A motor failure requires you to use the mechanical key.

Electronic combination locks were a bit better. The neat thing about them is the ability to put in multiple combinations. So you can give the repairman a temporary combination. However there are still reliability issues.


***

One issue that comes up: Insurance companies often want to see proof of a break-in. The proof is a busted door or window. Any system that can be subverted without clear signs is a problem.


Defense in depth:

1. I have good, but not wonderful locks. They are rated as being difficult, but not impossible to bump. These will keep out the casual - try the doorknob - thieves. I have also replaced the screws on the hinges with 3 inch screws so that a good kick on the hinge side doesn't send the door flying.

2. I picked up a couple of those wildlife cameras. They sit in inconspicuous places that can get a face shot of someone LEAVING the house. Someone carrying a TV or computer is less likely to be watching for surveillance. A similar one outside is positioned for the license plate.

If I had more to protect, I'd consider live PoE cameras, or still frame HD cameras that reported to a server, and the server store and forwarded to a cloud account. To defeat this they have to turn off our internet (on UPS) turn off the cameras before breaking into the house. Since the cameras are Power over ethernet, they need to know how long the UPS powers the system. Not impossible. But less likely. It would be easy to set this up to have 24 hours back up capacity -- and to send my phone a text as soon as external power failed.

Boo • April 15, 2015 9:45 AM

Electric locks.

Forced off the road in a well-coordinated ambush, surrounded by drug cartel gunmen brandishing AK-47s, Zapata and his partner, Victor Avila, rolled to a stop. Zapata put the vehicle in park.

The door locks popped open.

The Suburban driven by Zapata was outfitted by Arlington-based BAE Systems, a U.S. subsidiary of the British defense contractor, maker of tanks, submarines and jet fighters.

Disabling the unlocking mechanism on a Suburban is a relatively simple process, armoring specialists say. The setting can be adjusted on the vehicle computer by the driver or permanently altered in favor of a manual system.

U.S. officials say all of the vehicles in Mexico were reprogrammed to address the flaw after Zapata’s death. But armoring contractors point out that if the computer on the Suburban is reset — by a power failure or a battery replacement — it will revert to the default setting, leaving the vehicle vulnerable again.
http://www.washingtonpost.com/world/the_americas/armored-suv-could-not-protect-us-agents-in-mexico/2012/02/13/gIQACv1KFR_story.html

kruemi • April 16, 2015 1:36 AM

We built something alike (even easier to use, does not require an App, just a Bluetooth enabled device) from a Raspberry Pi, a custom PCB (with optocouplers) and an old external CD_Burner-Case for our Hacker-Space.

Sure, there are ways to trick it, but it is not as easy as it seems on first glance.
