Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings

Smart Lock Vulnerable To Breaches Using A Smartphone

By Michael Luciano | July 17, 2018

Share

Described as the “world’s first smart fingerprint padlock,” Tapplock is a high-tech padlock secured with a fingerprint. According to its creators, the smart lock’s owners no longer need to remember combination codes, but simply swipe their finger instead to open the smart lock. In addition, the device can be managed using a smartphone, so it can be remotely unlocked to let other trusted people access whatever it is protecting.

However, according to cybersecurity experts, the Tapplock can reportedly be opened by anyone with a smartphone. Researchers said it took them just 45 minutes to breach any Tapplock device, which the company quickly acknowledged, and said it was issuing “an important security patch.” This fix reportedly addresses several of the smart lock’s Bluetooth and communication flaws that would allow unauthorized users to infiltrate the device.

“You can just walk up to any Tapplock and unlock it in under two seconds. It requires no skill or knowledge to do this,” says Pen Test Partners (PTP) security expert Andrew Tierney.

Tierney says it was so astoundingly easy to breach a smart lock that he ordered a second just in case his first attempt was a fluke. One of the major causes behind the device’s susceptibility to being accessed by cybercriminals lies in the lock’s software, which doesn’t even take simple steps to secure the data it broadcasts, leaving the Tapplock vulnerable to these trivial attacks. The Tapplock’s notable design flaw lies behind how the device’s unlock key is easily discoverable because it is generated from the Bluetooth low-energy ID that the device resonates.

Anyone with a smartphone could pick up this key if they scanned for Bluetooth devices when close to a Tapplock. Using this key in conjunction with commands would let attackers successfully open any one of these particular devices they discover. To make matters worse, the backside of the Tapplock can easily be removed to let attackers infiltrate the device. This particular weakness was traced back to faulty manufacturing, and a subsequent test showed other locks were exempt from suffering this type of attack.

Instead of looking into its physical design, Tierney and his team examined the smart lock’s software to see who can manage and use the device. Shocked and disturbed by his findings, Tierney contacted Tapplock, who said they were aware of the flaw. The company was given time to rectify the problem before PTP went public with their findings, during which Tierney urged Tapplock to warn their customers about the lock’s vulnerabilities.

In response to the breach’s discovery, Tapplock stated it would issue a software update to fix the flaw, while urging customers to update their app once it becomes available to their region. The company also strongly recommended upgrading the smart lock’s firmware to receive the latest production. In addition, Tapplock was grateful for PTP alerting them of their product’s flaws, and pledged to continue keeping up with the latest security trends, along with providing periodic updates.


Filed Under: Cybersecurity, M2M (machine to machine)

 

Related Articles Read More >

Part 6: IDE and other software for connectivity and IoT design work
Part 4: Edge computing and gateways proliferate for industrial machinery
Part 3: Trends in Ethernet, PoE, IO-Link, HIPERFACE, and single-cable solutions
Machine Learning for Sensors

DESIGN GUIDE LIBRARY

“motion

Enews Sign Up

Motion Control Classroom

Design World Digital Edition

cover

Browse the most current issue of Design World and back issues in an easy to use high quality format. Clip, share and download with the leading design engineering magazine today.

EDABoard the Forum for Electronics

Top global problem solving EE forum covering Microcontrollers, DSP, Networking, Analog and Digital Design, RF, Power Electronics, PCB Routing and much more

EDABoard: Forum for electronics

Sponsored Content

  • Global supply needs drive increased manufacturing footprint development
  • How to Increase Rotational Capacity for a Retaining Ring
  • Cordis high resolution electronic proportional pressure controls
  • WAGO’s custom designed interface wiring system making industrial applications easier
  • 10 Reasons to Specify Valve Manifolds
  • Case study: How a 3D-printed tool saved thousands of hours and dollars

Design World Podcasts

May 17, 2022
Another view on additive and the aerospace industry
See More >
Engineering Exchange

The Engineering Exchange is a global educational networking community for engineers.

Connect, share, and learn today »

Design World
  • Advertising
  • About us
  • Contact
  • Manage your Design World Subscription
  • Subscribe
  • Design World Digital Network
  • Engineering White Papers
  • LEAP AWARDS

Copyright © 2022 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings