Research on smart-locks cybersecurity and vulnerabilities

Abstract

Smart-locks have become increasingly popular for access to homes and businesses in many countries, because of their ease of use and adaptability. These locks offer a simple and secure alternative to traditional key-based entry, making them an attractive choice for both residential and commercial properties. Nevertheless, it is essential to acknowledge the potential security threats that come with any new technology. The security of smart-locks is particularly critical, as a breach could result in unauthorized entry. Since the smart-locks can connect, there are different ways to check if vulnerabilities can be found easily or on the contrary, if the security level is high. Two of the main ways of checking the security level of this kind of IoT device are the information that can be obtained from the Android application and the security level of the Bluetooth connection. Many vulnerabilities can be found in the Android smart lock management application. This application is very useful to perform all the configurations with such a lock, but if it is not properly implemented and secured, it can provide clues for malicious users to perform unauthorized access to the system. Another security factor is the Bluetooth connection. This ensures that only authorized users have access to the property. In this work, we have analyzed the security level of different parts of smart-locks. In particular, we have analyzed the security of the applications for the most important smart-locks on the market. This study reveals relevant information such as whether the application is obfuscated or not, the encryption algorithm for the Bluetooth connection, or relevant URLs that applications use to connect to the cloud. The security of the Bluetooth connection between the smartphone application and two selected smart-locks was also analyzed. It was demonstrated that if no encryption is used for the Bluetooth connection, the smart-lock is not secure, but if AES encryption is used, the security level is high.