in a test. The conclusion: “Convenience doesn’t have to mean insecure.” In terms of security most of the devices tested of this product group were refreshingly different from other smart home devices, which often had striking security shortcomings. All in all, the testers gave the smart lock manufacturers the thumbs up. Five of the six locking systems evaluated offered solid basic security with theoretical vulnerabilities at the most. Smart locks from eQ-3, Noke, and Nuki passed the test, even achieving three out of three stars – a solid security level and exactly what you’d expect from a smart locking system.
All the smart locks evaluated support local Bluetooth communication. And on all the units, the communication between the lock and the mobile device proved to be secure. For Bluetooth communication, the locks mostly send and receive using the 4.0 standard (1 milliwatt, Low Energy), which offers a maximum wireless radius of ten meters. As such, if Bluetooth communication is going to be attacked, the hacker would have to be really close to the lock. By default, the smart locks use encryption, mostly 128-bit AES. This means that the transmission of commands is securely encrypted. When asked, Christoph Clasen, from the State Criminal Police Office in North Rhine-Westphalia, Germany, also confirmed that in Germany there have so far been no reported incidents of successful attacks on these types of lock. He stresses that, “While there certainly is a theoretical possibility of overcoming electronic cylinders, the effort involved is much higher than with a mechanical cylinder.” He also adds that if a security vulnerability is found, the manufacturer can fix this quickly by issuing an update. That’s good to know – after all, smart locks with lax security could be as good as leaving your door open with a welcome sign for burglars.