Smart Lock

Kwikset Kevo 1st Generation

Device Safety (rating scale: Very Unsafe, Not Safe, Safe, Very Safe)

- Product: Kwikset Kevo 1st Generation
- Camera: No
- Microphone: Yes
- Connectivity: Bluetooth
- Material: Metal

Overview

Smart locks are a purely security-focused piece of smart technology, and potentially the kind of smart device that requires the most trust, so our hacking team tested two devices. The second, a popular Bluetooth deadbolt device by Kwikset, actively communicates with all assigned key fobs and mobile devices. Using intelligent positioning technology, the device identifies whether the user is outside or inside the protected area and triggers the unlocking mechanism upon successful verification.

Tactics

A comprehensive examination of the software and hardware configuration revealed that the locking mechanism could be physically exploited using commonly owned tools.

Exploitation

By inserting the thin sharp part of a screwdriver into the lock and using a small hammer with precise shaking movements, a malicious actor can reach the alignment point of all pins relatively simply. Further application of rotational pressure using pliers can then lead to unauthorised access and exposure of valuable assets.

Recommendations

- Always perform open-source research through reliable search engines (e.g. Google, Bing, etc.) on specific functionality requirements and critical vulnerabilities related to the smart device you are interested in.

- Be aware of any signs of physical tampering with the product.

- Stay up to date with the latest news around your preferred smart device brand. Contact the appropriate authorities directly if you or someone else has identified any major misconfiguration.