10

There are a few interesting Bluetooth door locks on the market that use Bluetooth version 4.0; however, there seem to be a few issues with this:

  • E0 Encryption flaws

  • Risks during pairing

  • Attacks unique to operating environment (temperature, installation, nearby RF)

  • I'm opening up my mobile device to various Bluetooth attacks

... and to top it off, I believe it's possible to "war drive" and locate these locks of interest without being physically close to the lock.

My question is: are these risks reasonable for me to consider? ... Or am I being prudent in not using Bluetooth locks on a home I'd rather keep low-profile?

The convenience factors are very intriguing but I want to make sure I fully understand the risks before installing it.

makerofthings7
  • Any links to 'war-driving' bluetooth locks? It's the first I've heard of it but it sounds interesting :) – NULLZ Aug 13 '13 at 09:19
  • @D3C4FF No links per se, but if a mall can scan shoppers for Bluetooth phones I would think a person can scan homes for Bluetooth locks – makerofthings7 Aug 13 '13 at 11:43
  • @NULLZ https://wigle.net/ has a map and tools for Bluetooth wardriving. – Marcel Dec 02 '19 at 06:29

4 Answers

6

Very interesting Technology Indeed

If the technology is designed and developed safely, then it can be fairly secure. It seems to provide a lot of cool features.

  • Configure keys to access house centrally on "App".
  • Deploy "Key" to person as needed and for agreed timeframes and without physical delivery.
  • Decommissioning keys as needed.
  • Many keys possible, named and configured and reported.
  • Bluetooth wardriving might be possible, but can be minimised/eliminated by system provider.

BUT: It introduces additional risks

  1. The Key System provider has full control and access to your home.
  2. The Key System provider must stay in business to continue to use the locks.
  3. Internet access can be actively disrupted and stop certain features from working (wipe/disable of keys)
  4. Design bugs in the system (not enough information on site to tell).
  5. Implementation bugs in the system, includes their web systems (may allow complete access to attacker).
  6. If important: Government can access your home surreptitiously.
  7. Denial of Access to home: System fault or bluetooth radio could stop ingress or worse egress from house (Think about how you would access your home if the key system was inoperative, remember that the key will not be pickable by a locksmith).
  8. Remote or physical compromise of any phone with keys could compromise your house.
Andrew Russell
  • I think point 7 is enough to keep me away from using such locks. You are reasonable I would say. – AdnanG Aug 13 '13 at 08:14
  • The egress part from point 7 could be solved by adding a physical emergency door open button. – Hennes Aug 13 '13 at 12:12
  • Hi @AdnanG with adequate mitigations point 7 can be worked around with a little forethought, but 5 and 8 are the killers. – Andrew Russell Aug 13 '13 at 22:46
4

Technologically, there is no reason that later classes of bluetooth (2.1 and after) shouldn't be able to be used securely. The 2007 E0 vulnerabilities were addressed in alterations made to the bluetooth spec for 2.1 and later and encryption was made a required portion with alterations made to the pairing process.

Given a secure pairing (which can be verified that the device opens the door) and a proper implementation by the manufacturer of the lock (which uses a secure pin or key pairing process), the lock should be significantly more secure than a typical pin and tumbler.

There are two main sources of concern that I can identify. Both relate to complexity. The main beauty, as well as the main weakness, of a traditional pin and tumbler lock is the simplicity. It is a foolproof and near-failproof device because it simply involves lining pins up with the edge of a cylinder, but this also is what allows them to easily be picked.

A bluetooth lock on the other hand is a complex electronic device that has many more parts that can break. A well designed device could be designed to either unlock or remain locked when it fails. For exit from the inside, it should ALWAYS fail by allowing exit; from the outside, it is up to your preference whether you would prefer fail as locked or fail as unlocked.

This is largely offset by the fact that electronic locks have been used commercially for many years now with a high degree of reliability, so it isn't a completely new thing. I would recommend that such a lock should have an established standard fallback method of access such as an HID (or similar) proximity card access that could be used to override the bluetooth features in the event of a bluetooth subsystem failure or a failure of your bluetooth device. It could also serve a dual purpose by requiring the proximity card for pairing in order to prevent unauthorized pairing of devices.

The second and bigger weakness would be the further complexity and loss of independence of any externally connected system. If the lock is web connected in to an external service, that external service now may have control over the lock and may be a source of compromise for the system integrity. A decent cryptographic challenge/response is strongly expected to be secure, but a web service providing advanced features has a much higher likelihood of having problems depending on how features are implemented. It adds a huge amount of unknown to the system and I'd be hesitant to use such features unless the standards were well known, published, and perhaps something I could run myself.

AJ Henderson
  • As a personal addendum. I did eventually decide to make use of Schlage's smart deadbolt. It isn't bluetooth based specifically, but while the concerns of compromise of the automation system are a factor, the chance of someone simply picking or bumping the lock is a much greater threat than a technically sophisticated attack when compared to the ability to remotely verify the locked condition of my door and remote open for authorized visitors. (I'm also making use of a video doorbell for secure identity verification.) – AJ Henderson Mar 10 '16 at 21:21
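
The cryptographic challenge/response mentioned in the answer above, contrasted with a lock that accepts a fixed secret sent over the link. This is an added example, not part of the original answer and not any vendor's protocol; the `Lock`, `PlaintextLock` and `phone_response` names and the HMAC-SHA256 construction are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Lock:
    """Lock side of a challenge/response unlock (hypothetical design)."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None  # outstanding nonce, valid for one attempt only

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def unlock(self, response: bytes) -> bool:
        nonce, self._pending = self._pending, None  # consume the nonce
        if nonce is None:
            return False  # no challenge was issued for this attempt
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def phone_response(key: bytes, nonce: bytes) -> bytes:
    """Phone side: prove knowledge of the key without sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class PlaintextLock:
    """Weak design: the same secret crosses the link on every unlock."""

    def __init__(self, password: bytes):
        self._password = password

    def unlock(self, sent: bytes) -> bool:
        return hmac.compare_digest(self._password, sent)


def demo():
    key = secrets.token_bytes(32)            # constructed shared key
    lock = Lock(key)
    on_air = phone_response(key, lock.challenge())  # bytes visible on the link
    first = lock.unlock(on_air)              # legitimate unlock
    lock.challenge()                         # a later session gets a new nonce
    replayed = lock.unlock(on_air)           # old bytes no longer match
    weak = PlaintextLock(b"constructed-password")
    observed = b"constructed-password"       # what the link carried
    return first, replayed, weak.unlock(observed), weak.unlock(observed)


if __name__ == "__main__":
    print(demo())
```

The first pair of results shows that bytes recorded from one session are useless in the next; the second pair shows that a fixed secret stays valid for anyone who has observed it once.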
0

There is no widespread certification procedure for Bluetooth locks' digital security at the moment.

This means using one is putting your security and privacy at the mercy of the lock's developer.

As Bluetooth locks are an innovative product, they follow the usual innovation model: release new features to market ASAP, fix reported bugs later, and plan to actively look for them sometime after you've hit it big.

Serious vulnerabilities in bluetooth locks have been reported. These include professional smart lock systems used in hotels and not just home appliances, which can be designed so badly as to transfer passwords in plaintext.

Electronic locks have been used for decades and can be highly secure, but Bluetooth locks are a new development. The Bluetooth protocol is more complex and the key in these locks has to run in vastly more complicated software environments than an NFC smart card.

At present, Bluetooth-based locks can be a useful addition to the environment, but not as the only lock on the door. They are reasonable to consider for managing access through interior doors, between mostly-trusted people, as long as access to the premises as a whole is controlled by more secure means.

ZOMVID-21
0

Looking at the Kevo by Kwikset locks that you link to, the sophisticated attacks possible via bluetooth probably won't come into play - most of those locks appeared to have a standard key mechanism included.

The problem with that is that I'm pretty sure Kwikset and their competition aren't putting in high-security cylinders - I'd bet they are the same ones my house has. I'd bet they aren't that hard to pick, and might even be bumpable.