Only a MAC address was needed to open some Smart Locks: Report

There has been a lot of debate about how cybersecurity, an important part of our lives, was often neglected before the pandemic started and everyone saw how vulnerable everything around us is. Even so, this report caught us by surprise, and those who use smart lock systems in their houses will be worried by it as well. Research was conducted on the effects of hacking attempts on smart locks, and it is worrying to learn that they are very easy to hack.

According to the researchers, they needed only the MAC address and nothing else to get into smart locks sold by major US retailers, and the locks were opened as well. The main reason we install smart locks is so that no one can open them without the required passwords, so it is worrying if a MAC address alone can open them. In particular, a smart lock known as UltraLoq is being sold for $140 and is marketed as a “secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code.”

However, researchers found that this smart lock shares “Ekeys”, and that this is one of the most insecure methods of opening the smart lock. Researchers say that those ekeys are also available to an attacker: “a hacker able to sniff out the device’s MAC address can help themselves to an access key, too”. The researcher also found a “repeating message flow on the unlock process” and, after spending more time on it, found that those messages could be used to open the lock with just a Python script that replays them. The researcher concluded: “The key problem here is that they focused on user authentication but failed to implement user-level access controls.”
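
The two gaps described above, shown from the defender's side as an added example (not the vendor's or the researcher's code): a key-issuing check that authenticates the user but never checks whether that user was granted the lock, next to one that does, and an unlock exchange bound to a single-use challenge so a recorded message cannot be replayed. All names, the sample MAC address and the challenge-response design are assumptions for illustration; the page does not describe the lock's real protocol.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: lock MAC -> ekey, and the users granted each lock.
EKEYS = {"AA:BB:CC:00:11:22": secrets.token_bytes(16)}
GRANTS = {"AA:BB:CC:00:11:22": {"alice"}}


def issue_ekey_weak(user, mac):
    """Flawed pattern: any authenticated user who knows the MAC gets the key."""
    return EKEYS.get(mac) if user else None


def issue_ekey_checked(user, mac):
    """Hardened: the authenticated user must also hold a grant for this lock."""
    if user and user in GRANTS.get(mac, set()):
        return EKEYS.get(mac)
    return None


def respond(ekey, nonce):
    """Phone side: prove possession of the ekey for this challenge only."""
    return hmac.new(ekey, nonce, hashlib.sha256).digest()


class Lock:
    """Lock side of a challenge-response unlock; each challenge is single-use."""

    def __init__(self, ekey):
        self._ekey = ekey
        self._nonce = None

    def challenge(self):
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def unlock(self, tag):
        # Consume the outstanding nonce so the same response never works twice.
        nonce, self._nonce = self._nonce, None
        if nonce is None:
            return False
        return hmac.compare_digest(respond(self._ekey, nonce), tag)
```
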