As the Internet of Things continues to grow and home automation gets easier to get our heads round, there are going to be more and more appliances that we’ll be able to control from our phones and tablets, including our doors. As an example, here is a product that you can buy from Apple called the August. It’s a device fitted to your door that allows you to lock and unlock the door as you walk up to it via their app:
Looks nifty no? But whilst we all like the novelty of controlling things from our phones, there is a major security aspect that we’re perhaps not paying as much attention to as we all should be.
A risk from hackers
If it can be hacked, hackers are trying to hack it. Whether it be laptops, phones, tablets, fridges, light bulbs or anything else, hackers are trying to break into the product electronically and gain control of it. That is my worry when it comes to items like remote door locking. Although not an established product, it’s electronic and therefore can be at risk.
There are already fairly established products out there, take the Yale Keyfree door handle for example. That product is controlled via the keypad on the front of the handle or a fob very much like a car fob. A signal is sent from that fob to the handle which deactivates the lock. There are other now emerging in the market place, some of which I have already tested and quite like!
But there is a common problem with all remotely operated door locks, and that lies in the electronic security of the products themselves. I am not familiar with every product and every system, but I’m not sure the current crop of app controlled door entry products have much of an in-built security wall.
Clever, determined burglars
It seems there is a growing community of hackers finding it increasingly easier to hack into internet enabled products. It wasn’t that long ago I was reading about hackers being able to hack into an internet enabled fridge and light bulb and getting into the homes automated internet system from there. It’s impressive, but worrying at the same time.
Although it might sounds remote, but internet enabled doors or door locks are also at the same risk. Would it be really that much work for a hacker to get past the door lock featured in the video above? They already know how to get into fridges and light bulbs, would the principle be any different? This isn’t something I know for sure, but has got to be a risk.
Not every burglar in the UK is going to know how to hack these things, that much we know. But we do have to be aware of those who do have the IT skills, technology and determination required which puts these homes at risk. What systems are in place to combat this risk?
Give up or carry on?
Despite this risk, I don’t believe that companies should give up on developing internet enabled door security. I do believe it has it’s advantages. For example, an app on your phone to tell you that your door is in fact locked would get rid of that nagging feeling when you leave the house and wonder if you had actually locked your door or not. An app to tell you who is home, a parent’s kids for example, is a handy way to keep an eye on them when they’re out of the office.
The technology has lots of useful applications in everyday life, but the industry can’t just ignore the risk. It has to build in some sort of defence, if it isn’t already, to try and at least make it difficult for burglars to override the technology and gain entry. Otherwise the industry is putting at risk many people’s homes.
A skilled “hacker” could break into a house with a “smart” electronic lock, just as a rogue locksmith could break into a house with a mechanical lock.
If someone wants to break into your house, they will do. The question is, how many skilled hackers and locksmiths with a desire to commit a serious crime are out there?
Security is really about making it difficult enough to deter 99.9% of people from committing a crime. If you go for the 100%, you frustrate the majority by taking away convenience.
Ah, but there is a key difference.
I have to be there to break in. A hacker doesn’t. The hacker can find the weak security system then go to those places that have that lock installed and let themselves in at no risk.
Think of it as making a masterkey for a type of lock then trying doors at random until one opens. Except you can try from down the road or even across the water.
No, nearly every IoT device is wide open. And security is normally lacking from both IT & physical sides, too!
I don’t know about apps and internet locks , that all sounds a bit far fetched just yet , but remote locking garage doors have been around for quite a while now and there must be a pretty good number installed , I am not aware of a major issue of security with them , maybe an app that can be used as a remote control for doors based on the current hardware model would work , but then, lose your phone and you begin to lose everything !!
Why wouldn’t this lock use the same random code generator that prevents your remote for your car door being copied… in the technology world they are called hopping codes or rolling codes… have a search for this and then relax…