Question of the week:How secure are smart door locks?
Question: “I’m considering fitting a smart door lock in my home so that in an emergency I can also open it using an app. However, I’ve got my doubts as to whether these types of lock are sufficiently secure. What do the experts think?”
Answer: You’re right. What’s there to enjoy about being confronted with a standard door lock: Search for key, insert key, turn key, and once inside perhaps even insert the key again to lock yourself in. How tedious. Smart door locks simplify everything. They can be unlocked easily using an app, chip, remote control, or even fully automatically. But you’re right to question the security of such solutions.
Manufacturers have done their homework
In principle, the security of the door lock depends primarily on the locking cylinder. This is because the majority of solutions fit over the old one. A burglar can’t see that there’s a smart lock on the other side of the door. But even if they do know, there’s virtually no chance of them hacking the lock – this is at least what the experts from AV-Test have concluded. Six of the latest smart locks from a range of manufacturers were put through their paces in a test. The conclusion: “Convenience doesn’t have to mean insecure.” In terms of security most of the devices tested of this product group were refreshingly different from other smart home devices, which often had striking security shortcomings. All in all, the testers gave the smart lock manufacturers the thumbs up. Five of the six locking systems evaluated offered solid basic security with theoretical vulnerabilities at the most. Smart locks from eQ-3, Noke, and Nuki passed the test, even achieving three out of three stars – a solid security level and exactly what you’d expect from a smart locking system.
Bluetooth virtually uncrackable
All the smart locks evaluated support local Bluetooth communication. And on all the units, the communication between the lock and the mobile device proved to be secure. For Bluetooth communication, the locks mostly send and receive using the 4.0 standard (1 milliwatt, Low Energy), which offers a maximum wireless radius of ten meters. As such, if Bluetooth communication is going to be attacked, the hacker would have to be really close to the lock. By default, the smart locks use encryption, mostly 128-bit AES. This means that the transmission of commands is securely encrypted. When asked, Christoph Clasen, from the State Criminal Police Office in North Rhine-Westphalia, Germany, also confirmed that in Germany there have so far been no reported incidents of successful attacks on these types of lock. He stresses that, “While there certainly is a theoretical possibility of overcoming electronic cylinders, the effort involved is much higher than with a mechanical cylinder.” He also adds that if a security vulnerability is found, the manufacturer can fix this quickly by issuing an update. That’s good to know – after all, smart locks with lax security could be as good as leaving your door open with a welcome sign for burglars.