blog
Open Menu
Product
Solutions
Resources
PrIcing
Guide Downloads
Access Control Basics

Hacking Smart Locks with Bluetooth / BLE

By Bernhard Mehl
August 13, 2018

At the annual security conference in Las Vegas, Defcon 2016, @jmaxxz, Anthony Rose and Ben Ramsey introduced different ways how bluetooth smart locks can be hacked [we were a little disappointed to not be included as we always like to be challenged on our security]. 

4 devices to get hacking:

  1. Passwords were transmitted in plain text, making it easy to extract passwords using a bluetooth sniffer like the Ubertooth One or Bleno.
  2. You’d need a Bluetooth Smart USB dongle to broadcast
  3. Raspberry Pi
  4. A high gain directional antenna
Bluetooth hacking

To make it easy for everyone we’ve summarized the main reasons why these locks were compromised:

  • Replay attacks – simply recording and replaying the signal unlocks the lock.
  • Vulnerable to fuzzing – meaning to change bytes of a valid command to get the lock into an error state that gets it to open. (Okidokey)
  • Decompiling the APK used to unlock the smart lock by downloading the APK from the Android device, converting from dex to jar and then decompiling it. (Dana lock)
  • Device spoofing (Bitlock Padlock)
  • Adding a backdoor into the lock by a guest user allows to reset to factory settings and open lock. (August lock)
  • Brute forcing because they only have 8 digit pins.
  • Master API Admin code was hard coded in the hacked August Lock. Here are some of the original images:
bluetooth encryption
Static

Some feature of the “uncrackable” smart locks:

  • Proper AES encryption
  • Truly random nonce (8 – 16 bytes)
  • 2-factor authentication
  • No hard coded passwords
  • Long passwords allowed (16-20 characters)

Reading some of the comments in the Hackaday post suggests it will not take long till we see Bluetooth locks showing up in a CSI TV show. Let’s hope manufacturers will be more transparent with regards to their security standards and also communicate them to end users. In the end the strange thing about this whole discussion is that it’s not the lock that makes things secure, it’s the communication to and from the lock. Mechanics still work the same way they always did.

5d08d831370a895c58eec465
template-9
container

Phone-based systems are not just a small-business solution. CEO of Kisi, Bernhard Mehl, comments: “If you see the average of three doors connected then that might seem low but, in reality, one door relates to around 50 employees—so those are locations with about 150 people on average, including satellite offices. That’s quite significant.”

Mobile Access Control Adoption by Industry

Kisi examined which industries are investing the most in mobile access control technology. To do so, the average size of mobile access control installation projects by industry were measured. Commercial real estate topped the list with 23.5 doors running mobile access per facility. Education management came in last with 1.0 door running mobile access per facility. 

Physical Security Statistics: Mobile Access by Industry


The number of shooting incidents at K-12 schools, according to the CHDS, reached an all-time high at 97 incidents in 2018—compared to 44 in 2017. Cloud-based access control companies, like Kisi, offer a lockdown feature for active shooter situations or emergencies, making it an effective protective layer for places that are targeted, such as religious institutions, which come in near the top of the list with 4.0 doors running mobile access per facility. 

Based on industry size, it makes sense that commercial real estate tops the list, with 23.5 doors running mobile access per facility. Cloud-based access control enables these larger organizations to scale more seamlessly and allows large organizations, like telecommunications, to deploy the most manageable IT solutions available, eliminating the need to create and manage a business’s own IT infrastructure over time.

“Commercial real estate is, of course, the driver of mobile adoption since they have the largest buildings,” Mehl adds. “The key here is to show that mobile-first technologies are not a risk but an innovation that brings positive ROI and allows agencies to reposition their buildings as forward-thinking establishments.”

The scalabelilty and ease of use in onboarding an organization allows many different types of industries and businesses of different sizes to adapt a cloud-based access control system, either using keycard or mobile credentials for access. 


Mobile Access Control by State

Looking specifically at the United States, Kisi analyzed in which states companies are investing the most into upgrading to smartphone-enabled access systems. Of the currently installed base of access control readers, around 20 percent will be mobile capable by 2022, according to a recent IHS report. Cloud-based systems, like Kisi, are future-proof—allowing over-the-air updates in real time and unlimited scalability for users.


“Mobile unlock technology makes you think of the major tech hubs like New York, San Francisco or Los Angeles,” Mehl adds. “Looking at which states have the largest projects, it’s surprising and refreshing that those are not the typical ‘tech cities, and yet that’s where access control technology really makes an impact.” The fact that the largest projects are seen in states outside of the typical tech startup landscape is evidence that mobile access control is highly applicable across industry sectors.


For further questions about this study, reach out to Kait Hobson (kait@getkisi.com)

Bernhard Mehl

Bernhard is the co-founder and CEO of Kisi. His philosophy, "security is awesome," is contagious among tech-enabled companies.

Related Articles

Types of Physical Security Threats You Should Know
June 29, 2018
AdVisory
Security, Scalability and Growth: Toward a Comprehensive IT Strategy
October 18, 2018
Everything You Need to Know About Warehouse Security
November 15, 2018

Stay updated with Kisi about news and feature releases

Free access to our best guides, industry insights and more

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Fail Safe vs Fail Secure
Best Resources
Access Control - Sample RFP
Physical Security Assessments
Mobile Access News
Employee Spotlight - Karen
Smart Door Alerts
Digital Employee Badge
Chat with Founders
Device Management
Hacking HID Keycard with $10 Device
Hacking HID with Wiegand Protocol Vulnerability
Copy prox HID ID Card
Workplace Tool Deployment
Access Control API
WiFi Speed Test Apps
Communication Protocols Used by IoT
Kisi for Slack
Building a Slack Doorbell
AC Installation Costs and Price per Door
Name Badge Templates
HIPAA Compliant
Cutting Slack
Solutions for Old Key Fobs
SEO for Coworking Space Websites in 2019
Office Security
IoT in Physical Security
Smart Locks Hacked By Bluetooth
Beacon Security Issues
Running a Successful Coworking Space
Kisi iOS 4.0.0 Release
IT Budget Planning
3 Tips for Coworking Spaces
Choosing Electrical Contractor
NICU Security
Signs to Change Access Control
Top 3 Safety and Security Tips for Airbnb Hosts
What is IoT?
Microchip Tagging Oneself
Office Design Productivity
7 Tips to Prevent Cloud Security Threats
Coworking vs Facility Management
Benefits of Cloud Access Control
Avoiding Locksmith Scams
10 Cloud Tools
Carrying Out Vendor Security Assessments
Ultimate Real Estate Apps Guide
6 Layers of Security Your IoT Setup Needs
Internet Of Things in the Workplace
2018 Most Influential People in Coworking
Top HR Influencers to Watch in 2018
Employee Spotlight - Jorge
Types of Physical Security Threats
HID Card Types
Remote IT Management
Identity Access Management Tools
Access Control System Maintenance
How Do Hotel Key Cards Work
Physical and Cyber Security Convergence
How to Set Up Your Enterprise WiFi
Step-by-Step Tutorial: How to Copy or Clone Access Cards and Key Fobs
GDPR Public Announcement
How to Calculate Facility Code Using Card Bit Calculators
Authentication Protocol Overview: OAuth2, SAML, LDAP, RADIUS, Kerberos
How to Avoid a Demagnetized Key Card or Key Fob
HID iClass SE Reader - Take a look inside the components | Kisi
How to Share Your Company WiFi Password Securely
Equipment Leasing Models
Magnetic door lock troubleshooting
On and Offboarding
Employee Spotlight - Alberto
Door Entry System Options For Gyms
Church Security Policy and Procedures
School Security, Safety and Access Control for Plan Education
Hospital Access Control
Employee Spotlight - Nate
3 Types of Cloud Access Control for Elevators Using Kisi
The 2 Burglar Alarm Options for Offices: Simplified With Kisi’s Access Control
Employee Spotlight - Jamie
How IoT Drives the Convergence of Cyber and Physical Security
Physical Penetration Testing Explained
How Security Can Increase the Revenue at Your Shared Workspace
Kisi Implements Free Access Card Security Test
Converting Corporate Headquarters to Coworking With 24/7 Access Control
Interview With Workspace Strategies
Keyless Access Control for Flexible Workspaces
Using Kisi With Fire Alarms
iWatch Series 4 Release: Did You See That Apple Door Reader?
Internet of Things Technologies in Smart Buildings for Flexible Workspaces
Kisi Named to Inc. 500 List of Fastest Growing Companies
IoT Marks the Convergence of Physical Security and Cybersecurity
The Future of Self-Storage: Q&A With StoreMe
How to Design and Equip a Best-in-Class Conference Room
The IT Experience on Becoming a Certified Google Administrator
Using Modular and Flex Spaces to Foster Collaboration
Security, Scalability and Growth: Toward a Comprehensive IT Strategy
Employee Spotlight: Mateusz
Daycare Security Measures: Door Locks, Unauthorized Access and Security Breaches
Everything You Need to Know About Warehouse Security
Synagogue Security Plan and Safety Procedures
Access Control Basics
Access Control Technologies
Guides
Useful Resources