How secure is a smart lock?

On Slack someone asked who was using a smart lock, and if they had done a security assessment. A very good question!

Since I am a security expert by profession, I wanted to share my Slack response also on the forum, and invite you all to add your insights and experiences here.

If you want security from skynet, go live in a bunker without internet. Everything can be hacked. Without Nuki my door could be opened with a crowbar or similar. Now that I have Nuki, that has not changed (actually, that is why I wanted Nuki, it keeps the physical lock/door/key and certifications completely unchanged).

But by adding Nuki, new attack vectors are introduced for burglars. Potentially one could physically access the Nuki on the inside (drilling, letterbox, breaking a window, …) and physically turn Nuki open.

From a cyber aspect one could hack the BLE signal locally, one could hack the Nuki bridge API, one could hack the Nuki cloud API, or use the web interface using the user credentials. And now that I have linked it to Homey, also by hacking Homey one could open the door.

On the plus side: With Nuki I get added security because the door goes into full 3-point lockdown at night or when no one is at home (kids and GF used to forget locking the door when leaving…). And I am not worried anymore that someone is copying the physical key, or using it when the kids lost the key again.

In short, my conclusion: any automated lock/unlock system will probably decrease the overall security when you have good physical key management (always locking the door when leaving, never leaving keys out of sight, never losing a key or immediately replacing all cylinders after losing one).
But in my family the ‘Human factor’ tipped the balance to getting a Nuki (plus I like to test this technology :slightly_smiling_face: ).

Full disclosure: My profession is being a security expert. But I have not done a very thorough assessment of Nuki, other than above considerations.

4 Likes

Well, a traditional crowbar burglar is more likely than a black hat burglar hacking in front of your door!

I agree the burglar most likely needs to be physically at your door to make any sense when hacking it.

But you can also think of some prankster who is remotely opening doors worldwide just for fun, or for ransom…

But you seem to think burglars are low tech. This is drastically changing. See the example of car thieves that use high tech to gain access to the ‘smart lock’ of the car. It is just a small step from a car door to your front door (literally!)

Well, you can't start a car with a crowbar anymore; cars are too high-tech. But for entering doors, good old metal does the job! The high-tech burglar would maybe consider a frequency jammer to knock out the systems!

A smart lock is not more secure than a traditional lock; it just makes everyday life easier. Security-wise, always focus on the weak link, and the weak link in this example is actually the lock bolt and frame!

Apart from the electronic side there is also the physical side to consider. I don’t know specifically about the Nuki, but I read a blog post somewhere last week (can’t seem to find it now) about a smart lock that could be opened in about 10 seconds with a small electric drill and a pin.
The problem there was that part of the release mechanism was actually on the outside of the door in a non-hardened metal casing. So all a burglar had to do was lift that mechanism and they would be in.
So my takeaway from that post was that aside from the cyber security a thorough review of design and build quality is essential for locks such as these.

One viewpoint to this - if the smart lock is not visible outside, a burglar would not even know the door is equipped with such. If they don't know what's on the other side, it becomes a bit harder to break in - unless one attaches Danalock or Nuki stickers outside :grinning:

2 Likes

Thanks for sharing valuable information about smart locks

1 Like

I cannot believe how incredibly stupid engineers have been regarding remote accessing a car. A child could have come up with the idea of simply repeating the lock signal.

1 Like

You know any examples of manufacturers who have been fully transparent about their (software) security record, audits and their hack prevention methods?

I always ask myself the question: what could happen if someone hacked this device.

They might have security flaws, they might have information leaks, they might have government backdoors. Who knows. Hacks are inevitable. Everything a human makes, he can destroy eventually.

We’ve also seen major cover-ups from companies like NordVPN etc. Because that is the natural tendency of these companies. Got hacked? Stay silent.

That is why I tend to not buy devices with high privacy risks, like (indoor, WIFI) cameras. Because I cannot verify the integrity of the manufacturer. Same goes for locks. Same goes for WIFI devices which can form a backdoor into my network, laptops etc.

So no locks, no indoor cameras for me. WIFI devices are strictly separated from the rest of the network. Trusting these manufacturers, who have a different primary interest than you, is very naive.

2 Likes

Did you switch off pairing mode for Nuki btw?

Yes I did switch off the BT pairing, exactly for the reasons mentioned in the article. Thx for sharing! And what a fun Homey webpage. Is it yours?

I was wondering the same and found this link with a video on how to hack Nuki.

I understand that you can disable this mode, but why Nuki has this gaping security hole enabled by default is puzzling me.

Just a question: did you connect Homey to a smart speaker, and does that open the possibility to yell through the letterbox: Hey Google/Alexa/Siri, open the front door?

With Nuki you can disable the possibility for Homey to really unlatch (open) the door. And that is the setting I’m using, of course, so that it is not possible via voice command to open it.

1 Like