With the evolution of IoT technologies, our homes are welcoming more and more smart products. The smart lock is one of those hot products brought by this trend. Its installation has witnessed exponential growth at homes. However, quite many potential security problems entailed by smart locks should not be ignored.

The Research Report on Quality and Security of Smart Locks issued on July 20, 2021 by China Saibao (Shandong) Laboratory, indicated that most of existing smart locks entails security hazards, in which some doors get unlocked without permission,  some are vulnerable to privacy invasion.

As an intelligent enhancement over traditional mechanical locks, a smart lock comes with extra features such as digital key sharing, remote status monitoring, and interworking with other home devices after connecting into a same network. But it is subject to different kinds of attacks. The lock itself, the home gateway to which it is connected, the App, the communication protocols (i.e. WiFi, ZigBee, Bluetooth) ,on which it runs, are all liked to be attacked and lead to hazards to  the smart lock, the premise and its users.

Here are 3 common ways that can unlock the smart lock without authorization:

1. Making a fake fingerprint
2. Duplicate the IC card
3. Short circuit or open circuit the control board

After testing 38 smart locks of different brands in the market with the above three methods, only 8 locks passed the security test, while the other 30 locks failed. Through analysis, we pin down following 3 reasons behind the hazards:

1. Vulnerability in 3-Party Identity Authentication

There exist vulnerable points in the process of 3-party identity authentication that involves the mobile phone, the smart lock device and the cloud. They make the solution subject to impersonation attack, hence even further pose threat to the entire system.

2. Vulnerability in Data Link Security

Different communication modes are applied in data traffic among the mobile phone, the smart lock and the cloud. It requires each communication mode to adopt stable and reliable data encryption, otherwise, it may cause data disclosure and loss the control of whole-home systems.

3.Vulneribity in Privacy Protection Mechanisms

The privacy information, such as your password, fingerprint, IC card, and face ID, is crucial data for identification and unlock the smart lock. Once it is divulged, the consequences will be disastrous.

Solution:

Bluetooth 4.2 is the currently a mainstream technology to solve the security hazards mentioned above. By introducing RF star’s Bluetooth module RF-BM-4044B2, which supports BLE5.0 and BLE4.2 into the smart lock solution, we shake away above mentioned risks through several mechanisms listed below.

1. Worry about risk from fake fingerprints?

With embedded Bluetooth modules, you can unlock the door through Bluetooth, no need to touch the door lock, no need to worry about your fingerprint being copied.

2. Worry security of three-party data exchange?

The control software that comes with the RF-BM-4044B2 module includes AES 256-bit encryption and asymmetric double cryptographic algorithm to ensure the security of three-party data exchange.

3. With this Bluetooth module embedded, one can use your phone to read the information of the smart door lock, monitor its status and authorize the entry permission to ensure higher security.

Shenzhen RF-star Technology Co., Ltd., a renowned Bluetooth module manufacturer based in China. It can offer BLE modules as well as relevant solutions to global customers to support their customized applications. It has accumulated rich experience in supporting smart lock makers in the last 10 years.