All eyes are on the smartphone these days, and in more ways than one. Not only do we look to these devices for our day-to-day communications and info, but we also see them as sources for technological ideas among other products—including door locks. Auto maker Hyundai recently announced that it will implement fingerprint recognition as a means for unlocking its cars. Meanwhile, Apple, one of the companies that helped to make biometric (fingerprint-based) access a mainstream reality, has since moved on to another method: facial recognition. Now it seems that facial recognition is making its way to door locks.

But before you’re quick to adopt and offer such connected technologies as part of your company’s add-on options, there may be risks to consider for your customers. They might thank you for the technological ease of opening their door with a smartphone. Or, they might get hacked—especially if they connect the locks you sell them to other wi-fi-enabled devices, like light bulbs or thermostats. That’s the message a group of computer scientists from the College of William and Mary, in Williamsburg, Va., is warning folks with, following a study in which they found 10 key security issues among common automated devices.

“Based on our research, we found that the problem is not necessarily with the security-sensitive devices themselves, but with the fact that low-security devices, like lights, power outlets, etc., can affect or trigger home automation modules, known as routines, involving [other] security-sensitive devices,” one of the researchers, Kaushal Kafle, tells DWM magazine. Among the products labeled as “security-sensitive,” Kafle includes automated locks—many of which are offered by door manufacturers and dealers as add-on options for hardware.

Avoiding Interactions

On their own, automated locks might be perfectly fine, but when a homeowner integrates their locks with other devices, like wi-fi-connected thermostats, lightbulbs or smoke detectors, the risks for hacking increase, Kafle says. By linking such devices, homeowners can rely on their smartphones to trigger a garage door to open, a light to come on, or a thermostat to switch from “away” to “home” mode in order to begin heating. But through a process described as “lateral privilege escalation,” those same interactions could allow hackers to gain access to your home. Among the two primary systems allowing such interdependencies (one of which functions peer-to-peer, while the other utilizes centralized databases), both were found to be vulnerable. In some cases, gaining unauthorized access could be as easy as sharing public wi-fi, researchers say. Kafle and his colleagues demonstrated such vulnerabilities using two of the more prevalent connected devices out there: Google’s Nest and Philip’s Hue. The possibilities “are endless,” they suggest, also pointing out that matters are set to get worse, with more than 20 billion connected devices expected to deploy by 2020.

That doesn’t mean that door and window companies should refrain from offering wi-fi and smartphone-connected locks, but, “We do feel that it’s best to be cautious and proactive on the user’s part, to know what the device is getting connected with and what the apps are that control their devices and platform,” Kafle warns. In other words, you may want to poll your customers amid the sales process in order to warn them against tying their new locks to other systems and devices. By using only the apps and devices developed and intended for their systems, they should be able to minimize risks, William and Mary’s researchers suggest.

“Don’t use automations that allow low-security devices to control or affect security-critical devices [like locks], whether directly or indirectly,” Kafle says. “This will greatly minimize the risk of using such platforms.”

 

Leave a Reply

Your email address will not be published. Required fields are marked *