Until just a few years ago, smart locks were seen as futuristic technology. In a recent survey however, 56% of US households said they are comfortable with smart security devices. As smart locks use all kinds of wireless tech however, it’s only natural to wonder 'can smart locks can be hacked'?
With any wireless technology hacking is a risk and smart locks are no exception. But they are not easy to hack. If smart locks are installed correctly, their software is kept up to date, you keep your passwords safe and the connection to the lock is secure then they are extremely difficult to hack.
Rather than the locks themselves being insecure it’s usually the wireless connection that opens up an avenue of attack for hackers. Because smart locks need some kind of wireless connection (Bluetooth, Wifi etc) it is critical that this connection is fully secure in order to keep your smart lock safe.
Below I go into more detail about the safety and security of smart locks and answer various other related queries on the topic.
What Is a Smart Lock?
Before we go any further, let’s define what a smart lock actually is.
A smart lock can be defined as a digitally controlled lock that can be locked and unlocked remotely or locally with some kind of wireless device or keypad. Many smart lock can be controlled via an app on a smartphone, a dedicated electronic fob or just a simple keypad with code or biometric access.
Many smart locks can also be controlled with voice recognition through smart home assistants like Alexa or Google Home. Smart locks connect to devices like a smartphone or fob via wireless communication protocols such as Wifi, Bluetooth, Z-wave or Zigbee.
Are Smart Locks Easy to Hack?
To help answer this question, I discuss how hackers or thieves might be able to hack your smart locks as well as solutions to prevent them. This way, you’ll be able to develop an understanding of justhow easy it is to keep your property safe with a smart lock. Here’s how:
1. Password Hijacking
The most straightforward way to hack a smart lock is through password hijacking. This normally only happens when a thief or hacker has stolen your smart phone. Once they’ve gained possession of your device, they’re able to jail-break into your cloud files. If you’ve synced your smartphone with your smart lock, it can sometimes contain files about your passcode, fingerprint, or voice recognition audio.
Solution – To avoid this from occurring, delete the data when you realise your smart phone has been stolen. If you have an iPhone, you’re able to achieve this through “Find My iPhone”. For Android users, this will be “Find My Device” (see screen shots below).
2. Bluetooth Sniffing
Most smart locks have Bluetooth connectivity. This opens up a rare but still possible avenue of attack for a hacker to use a Bluetooth sniffer to get access to lock. This is rare as it requires the hacker to be very knowledgeable about code and they would also need a few pieces of complex computer hardware to “sniff” the information out of your device via Bluetooth.
Due to the limited range of Bluetooth, one other thing that makes this more difficult is that a hacker would need to be physically close to the lock in order to do this.
Solution – Always ensure your your smart lock uses a complex Bluetooth authentication system that has the highest encryption levels.
3. Wifi Breaching
Hackers may be able to breach a smart lock by hacking into your home Wifi. If someone did manage to logon to your home network they still have a lot of work to do however.
To hack a smart lock via your Wifi connection they will need to be able to access the lock through your account or hack into a vulnerable smart hub.
Getting hold of your access details would require them to gain access to a computer or device on your network that has saved your credentials.
However, I only know of one incident where ethical hackers managed to hack a smart hub so the chances of this happening are extremely low if you have a reputable smart hub and keep the firmware up to date.
Solution – This can only happen if a hacker gains access to your Wifi network. To stop this ensure that you create a strong password for your Wifi and change it regularly.
You can also stop broadcasting your Wifi so that it is not easily discoverable. In combination with this, make sure that if you have a smart hub, it’s not a cheap one (ie created by a company that doesn’t have the resources to regularly test for vulnerabilities and release updates).
4. Voice Command Hack
Controlling your smart locks with voice commands is certainly convenient and it also feels very futuristic, but it can leave the door open (literally) to a very simple hack.
Most smart locks require that you give a pin code when asking a smart assistant like Google or Alexa to unlock your door. Locks that utilise Z-Wave are an exception.
As demonstrated in the video below from C-Net, if your smart lock uses Z-wave you can create a custom voice command that unlocks the door without a code.
Setting up your smart lock so that it doesn’t require a code every time is convenient but it is very insecure. Without a code, anyone who knows the proper voice command can control your locks. This can even be done from outside your house with the use of a transducer.
Solution – The prevent this kind of hack, you can simply decide not to use voice commands to control your smart lock. If you do want to use a smart assistant to control you locks then make sure the lock you use requires the use of a voice pin code… and don’t disable it!
5. Software Update Problems
One other potential problem that could leave your smart lock unusable (bricked), is that of software/ firmware updates. Like most other bits of computer hardware, smart locks require regular updates from the manufacturer.
These usually address minor bugs with the software and or add additional functionality. This is usually a good thing, but consider what happens if the updated software has a problem. This could in theory (and actually has happened in practice – see below the issue with LockState) cause the lock to become unusable.
Whilst this wouldn’t automatically open affected smart locks, what it could mean is that, if the lock was in the unlock state when updated you may not be able to lock it and vice-versa, if it’s locked then you might not be able to unlock it. Either way you will either be left with an unsecure property or you might not even be able to get into your house!
Solution – To overcome this you could simply add a backup lock on your door for use if the smare lock fails. If you have another way in and out of your property then consider using a standard, non-smart lock on that door so that you always have an alternative door to get in and out of your house.
Even though there are solutions to most smart lock hacking issues, what I really wanted to know before buying one was whether or not any of these problems has actually resulted in real world problems for homeowners. Which brings me neatly on to my next question:
Which Smart Locks Have Actually Been Hacked?
There is a difference between the potential for being hacked and it actually happening. If you are like me, before buying one you’ll want to make sure that the company has a solid record and has not had any reported issues of being hacked.
After digging into this, I found several examples of popular smart locks being compromised. It’s important to note that with most of the examples below, for the locks to actually be opened would require a very specific and rare set of circumstances that are outside the scope of most would be burglars.
LockState Firmware Update Issue (discovered 2017)
A company called LockState, had of issues while trying to update their firmware back in 2017. Due to this, it was estimated that around 500 devices were affected, leaving people unable to use their smart locks
UltraLoq Data Insecure (discovered November 2020)
Whilst there are no reports that the UltraLoq devices were actively hacked, a vulernability was discovered by an ethical hacker that showed data was easily available on shared cloud storage to someone with the knowhow to physically locate the locks and open them.
August lock Wifi issue (discovered August 2020)
August locks are considered to be one of the most secure on the market. However my research revealed that even these locks do have one known vulnerability (not yet fixed at the time of writing).
Using this vulnerability, hackers would not be able to unlock your smart lock remotely but they could conceivably get hold of your Wi-Fi login and connect to your home network.
KeyWe Bluetooth Sniffing issue (discovered December 2019)
Security consultants F-Secure found a weakness in the KeyWe smart lock that could allow hackers to intercept the passphrase that is sent between KeyWe’s smartphone app and the lock.
By sniffing the Bluetooth communications between the lock and the smart phone, F-Secure researchers found they were able to interept the key commands for the smart lock, which they could then use to unlock the door.
As we noted in earlier in this article, this would require an would-be attacker to be very close by when you are actively locking or unlocking the smart lock, so although it is a valid issue, it’s not that practical for a hacker to actually make use of.
Are Smart Locks Insurance Approved?
Not all insurance policies are the same, so you’ll need to become knowledgeable about whether or not your property is still insured after installing smart locks. But, don’t worry, they typically are, but some policies offer a limited cost coverage because the locks are new within the security market.
Before installing smart locks it’s therefore a good idea to check your home insurance. The last thing you want to encounter is being denied a claim due to not declaring your lock changes.
After reading the above, I’m sure you’re intrigued with what’s available on the smart lock market. If I’m right, I suggest you read below. Here we go into detail about the best smart locks available today
What Are the Best Smart Locks?
When investing in a smart lock, you’ll want something reliable, secure, and well-known for these traits. To save yourself the hassle and from purchasing something not suitable for its application, I recommend you choose one of the below.
Schlage has a fantastic reputation for security and quality. This would be my recommended smart lock. It has built-in Wifi and connects directly to your home network . This mean no hubs or other accessories are necessary. This lock also integrates with Amazon, allowing secure access for home deliveries.
Yale is the most prominent smart lock manufacturers within the industry, and this lock is stylish, can be synced to Google Assistant or Alexa, and is easy to install.
If you’re looking for an inexpensive smart lock, then this one by Wyze may be of interest. Unlike the others, this lock doesn’t integrate with any other company’s products, but it still provides a secure smart lock experience.
This smart lock by August can be easily installed and sync with various popular cloud-based systems like Google, HomeKit, Alexa, IFTTT, and much more. It’s has a simple design and is crafted from durable material.
The Kwikset Halo Wi-Fi Smart Lock is an excellent investment for anyone looking for an easy to install, stylish device that can be synced to many cloud-based software’s.
With the above selection, I’ve tried to cover everybody’s needs and price ranges. Without a doubt, these are leading brands within the industry, and you’ll undoubtedly be pleased with their products.
With any kind of wireless or internet connected device there is the risk that it can be hacked
The largest manufactures of smart locks are constantly improving their products and responding to potential hacking issues. If you are interested in getting a smart lock you have to weight up these risks against the convenience and other benefits it will bring.
It’s worth remembering that your average burglar is not some tech genius (no matter what you see in the movies!). They generally do not have the advance knowledge or skills needed to hack smart lock in order to get access to an ordinary home.
After all, traditional locks have always been vulnerable to being picked. You reduce this risk by buying a good quality lock. The same goes for smart locks, if you are securing your home don’t trust it to a cheap smart lock!
So, now you understand more about smart locks, will you be considering purchasing one?