Smart padlocks can be hacked in seconds

Share this…


A cutting edge technology padlock, operating with fingerprint, can be opened by anyone who has a smartphone, as discovered by information security investigators.

On its website, Tapplock is presented as the “first intelligent fingerprint lock in the world”.

But researchers with information security training claim to have taken only 45 minutes to find a way to unlock any Tapplock team, the company has already recognized the error.

In a blogspot, security expert Andrew Tierney of Pen Test Partners revealed how to hack the padlock. “You can walk to any Tapplock device and unlock it in less than two seconds. No skill or knowledge is required to do this”.

Tierney claimed being “so astonished ” by how easy it was to unlock the lock that he had to ask for another lock in case his first attempt had been a stroke of luck. “The lock software doesn’t even take simple measures to protect the data it operates with, he said, leaving it open to hackers attack.”

Its “main defect” is that the unlocking key of the device is easily discovered because it is generated from the Bluetooth ID key transmitted by the Tapplock padlock. Anyone could intercept this key by scanning the Bluetooth devices near their smartphone when it is near a Tapplock.

The use of this key along with the commands issued by Tapplock would allow the attackers to successfully open any padlock they find, mentions Tierney.

In response, Tapplock issued a statement that they were developing a software update.

“Stand for the update once it’s available for your region. We strongly recommend you also to update the firmware of your locks for the latest protection”.

“This patch fixes several Bluetooth and communication vulnerabilities that can allow unauthorized users to get access illegally. Tapplock continues the vigilance of the latest security trends and provide updates from time to time”. He also thanked PTP for alerting the problem.

Tapplock is a Canadian security firm that has gained notoriety and growth from crowdfunding campaigns, reports the International Institute of Cyber Security.