Researchers demonstrated how remote attackers could exploit UltraLoq and steal access keys with minimal effort.
A smart lock sold by major US retailers could be opened with no more than a MAC address, researchers say.
Smart locks have slowly been adopted as an intelligent, Internet of Things (IoT) alternative to traditional lock-and-key methods to securing a property.
Complementing other IoT devices including wireless doorbells, smart locks and deadbolts are used by the general public to secure their homes, and they also have business use cases -- such as when properties are listed on Airbnb, as they can be remotely managed by hosts who do not have to organize a key handover on-site to guests.
While convenience is king, such connectivity can also create a new set of security problems. Several years ago, for example, a botched
firmware update caused chaos for LockState customers who took to Twitter in their droves to complain they were unable to remotely control their smart locks -- and, therefore, access their properties.
... ...