Smart locks could make your home less secure
Convenient technology lets you control and track access to your home remotely, but adds potential risks
D'Arcy Walker never has to remember where he put his keys. He just touches the smart lock on the door of his Toronto townhouse, and the phone in his pocket unlocks it.
Smart locks are electronic gadgets that allow physical locks to be opened by a wireless signal from a device such as a smartphone or fob.
They offer plenty of convenience, and new models with handy new features are hitting the market every day.
But what they don't offer is better security than traditional locks — in fact, they may make your home less secure, experts warn.
Smart locks have already been on the market a few years and many models are affordable — Walker bought his Weiser Kevo for $250 in 2013.
"I was in the store and I saw the stand there and figured, 'I hate keys, why not give it a shot?'" he recalls.
From his perspective, the only downside is that if his phone runs out of juice, he's locked out until he can find somewhere to charge it. Generally, he's happy with his spur-of-the-moment purchase.
"I would recommend it. It's very convenient to come home and not have keys."
Convenient for families
If a friend or his mom needs to grab something at his apartment, he just sends them a temporary electronic key. He doesn't have to be home to let them in.
In adding a smart lock, you've actually created another attack venue for an attacker to break into your home.— Geoffrey Vaughan, Security Compass
Steve Kolobaric, marketing manager for Weiser locks, said smart locks are particularly handy for families. A fob can be attached to a child's backpack, allowing them to get in by just touching the lock. When that happens, the parents will be sent a notification on their smartphones.
"So you have that peace of mind," he added.
Right now, he said, smart locks make up about 10 to 15 per cent of lock sales in Canada, but their growth trajectory is expected to go "through the roof in the next couple years."
NextMarket Insights, a strategy and research firm focused on emerging technologies, predicted in 2014 that the global smart lock market would grow from $261 million to $3.6 billion by 2019.
New brands and models have recently hit stores, and several other designs have crowdfunding campaigns on sites like Kickstarter and Indiegogo.
Rush to market
"Everybody's rushing to market and trying to get these locks out as quickly as possible," said Geoffrey Vaughan, security consultant with the Toronto-based software security firm Security Compass.
The company has uncovered security flaws in a number of new smart locks.
"This might be a symptom of them releasing a product as quickly as possible without getting the thorough application security testing that's required on these sort of devices."
Among the flaws was a critical vulnerability in the stylish, $300 August smart lock sold in Apple Stores, which has since been fixed.
But it had potentially allowed an intruder to use a mobile app to find an August lock, based on an identification number that Bluetooth devices often broadcast wirelessly. After a series of other steps, the intruder could directly access the device's server and send a command to unlock the door.
Additional security measures should have been put in place to prevent the unlock signal from being sent under those circumstances, Vaughan said.
However, there was no evidence anyone took advantage of this vulnerability. August came out with a patch 24 hours after learning of the security flaw.
Vaughan added that when a vulnerability is discovered in a smart lock's firmware, it's sometimes not that easy to patch.
"Updating them, if not done correctly, could ruin the device."
Vaughan warns that even smart locks that have been properly designed and tested don't provide better security than traditional locks.
"In adding a smart lock, you've actually created another attack venue for an attacker to break into your home. With these locks, there's actually no increased level of security."
Weiser said the Bluetooth signals its smart locks emit are not discoverable by a device not paired with the lock and they use "military grade" encryption.
In any case, Kolobaric said, the chances of someone hacking your smart lock are slim. "They will actually grab a brick and throw it through the window first."
Walker said he's not concerned about the security of his smart lock.
"If someone wants to get into your house, it's pretty easy to get into your house," he said. "So I would say that the smart lock is the least of your worries."
With files from Shawn Benjamin