Ridiculously Insecure Smart Lock

Tapplock sells an “unbreakable” Internet-connected lock that you can open with your fingerprint. It turns out that:

The lock broadcasts its Bluetooth MAC address in the clear, and you can calculate the unlock key from it. Any Tapplock account can unlock every lock. You can open the lock with a screwdriver.

Regarding the third flaw, the manufacturer has responded that “…the lock is invincible to the people who do not have a screwdriver.”

You can’t make this stuff up.

EDITED TO ADD: The quote at the end is from a different smart lock manufacturer. Apologies for that.

Posted on June 18, 2018 at 6:19 AM • 44 Comments