Welcome to the Keyless World
Over the past few years, the smart locks industry has grown exponentially. According to a report by Allied Market Research, by 2016, the industry was worth around $400 million with North America accounting for almost 35% of the total market share. By 2023, the industry is expected to hit the $1 million mark.
Europe is notably behind when it comes to the adoption of this new technology. However, in the last few years, there has been slow but steady growth, but still, the number can’t be compared to the US market. Korea, on the other hand, is a surprising market for these locks together with China. The Pacific-Asia region, in general, seems to be a fast-rising market for these high-tech locks due to the vast construction going on.
The connected lock industry is indeed a big deal. In the beginning, it’s the traditional deadbolt brands and companies like Schlage, Kwikset, and Yale that dominated the smart lock industry. Today, we have witnessed big companies like Amazon joining the bandwagon with Amazon Key. It’s worthy to note that Amazon also has Alexa which interestingly, works with several connected locks, Amazon Key included.
The market has also attracted several other brands including Samsung, Lockey, August, Ikilock, Ultraloq, LockState, Quicklock, Okidokey, Plantraco, Tapplock, and so on.
Welcome to the keyless future
To be honest, the convenience of smart locks is irresistible. Many are times you forget to close your door, or you lose the keys. With an intelligent lock, all these are worries of the past. The possibilities of smart locks go beyond the basics of opening and closing the door.
Right now, some models can detect when you are around, and they automatically open for you. If you always struggle with a bunch keys at the door with arms full, this is a feature you will love. Connected locks have proved to be an invaluable addition to many homeowners in different situations. Parents can easily monitor when kids come in and go out. It’s also easy for dog owners to coordinate with dog walkers easily and more securely compared to leaving the keys tucked somewhere.
Businesses can also leverage on the several access methods that smart locks offer. Instead of giving employees copies of keys, models like ResortLock 4000 can store over 800 codes, also known as e-keys. Smart locks are also ideal for senior citizens or homeowners with disabilities.
Amazon, the largest online retailer, has its own connected lock launched last year called Amazon Key. Many online shoppers have a busy schedule, and the result has been cancellation of many orders. Right now, the in-home delivery powered by Amazon Key has solved one of e-commerce’s biggest challenge. This new technology enables customers and Amazon to schedule deliveries even when there’s no one at home.
Through coordination between a connected camera and lock installed at the door and Amazon, your door will open once the delivery guy arrives and closes when they are done with dropping your order. There’s also the in-car delivery where the order is put in your car in the same fashion as the in-home delivery.
Surprisingly, these new locks have also impacted the insurance industry. Even though intelligent devices like smoke detectors, and maybe leak detectors are the investments that make sense to insurance companies, smart locks improve the property’s security. That means insurance companies may be more willing to insure properties with these locks than the traditional deadbolts. But that’s subject to the quality of lock you install. As you understand, there are some really good connected locks in the market as well as knockoffs.
Smart locks have also influenced Airbnb with hosts preferring them over giving strangers copies of their door keys. It’s easier and even convenient for Airbnb visitors to use access codes than having to bear the extra hassle of carrying keys.
Smart locks put the focus on preventive measures. Some models like Schlage Sense Smart come with a built-in system that detects when the lock is being tampered with. It then notifies the owners through an alarm system. That means that even though the lock doesn’t come with any extra security, homeowners can always be alerted in case of anything. That’s something your traditional deadbolt can’t do. However, it’s worthy to note that these locks, just like deadbolts, come in different security grades, with the ANSI Grade 3 locks being the best.
Are intelligent locks safer than traditional deadbolts?
While connected locks have become an invaluable addition to the modern smart home, they tag along with a host of risks. A very controversial question recently has been; is a connected lock extra security or an additional risk? As we all understand, there is no extra security that the likes of Schlage, Kwikset and the rest come along with except for the preventive measures like the alarm and tamper-detection. In fact, one can successfully argue that smart locks make your home more vulnerable and indeed, it’s true.
Smart locks are very conspicuous, and their sophisticated nature always raises eyebrows that there could be something valuable inside. While the designers were focusing on the aesthetics, burglars seem attracted more to doors with connected locks as opposed to doors with the traditional deadbolt. However, this is not a major concern because features like alarm and tamper-detection will notify you before the burglar gets far with lock picking or breaking in.
Recently, home AI and the Internet of Things, in general, have been under the radar for their vulnerability to hacking. It’s unfortunate that smart locks focus on convenience while jeopardizing your property’s security. The fact that intelligent locks connect to other devices via a wireless protocol makes your house insecure as hackers can intercept the commands and fetch passcodes or even program new access codes.
The risks of these locks are not only from hackers. Recently, LockState internet locks were affected by an automatic firmware update. Most of the homeowners couldn’t do a thing about their doors unless using the mechanical key. You never know what the bug, might do; it might lock you inside or even open the door to intruders.
The vulnerability of Bluetooth LE communication
One of the features that make smart locks very vulnerable is the Bluetooth protocol. At the DEF CON hacker conference, it was established that 75% of Bluetooth locks could be hacked into. The problem in these locks is not the Bluetooth LE protocol but how the system implements communication. Funny enough, most of the models were transmitting communication in plain text. The researchers were also able to program new password by returning the commands with the initial passwords changed freezing the real homeowner’s access.
Voice assistants are also susceptible
The vulnerability goes beyond the lock itself. Voice assistants are becoming increasingly popular because they help us manage our smart devices more easily. Many smart home enthusiasts have connected their homes to Amazon Alexa and other assistants like Google Assistant that are also being hacked. One of the features that have been put under in-depth scrutiny is the new Door Lock API. The feature requires just a voice command and the PIN to open the door.
There are no authentication means of proving that it is indeed the homeowner requesting for access. Initially, Amazon and Google were reluctant to roll out this feature but guess what; it’s now in place without any other security layer. The work of a burglar is made easier as they only need to record your pin code and that’s it. At least there should be some technology to clearly and accurately match the homeowner’s voice recording and the actual voice when issuing commands to Alexa.
Apple HomeKit has also come under threat, and just last year, Apple had to fix several vulnerabilities that could have put homeowners security in jeopardy. It was reported that the malware is in the current iOS 11.2 version and could give hackers access to several smart devices including smart locks and even garage door openers.
What the future holds for smart locks
Well, not all the connected locks in the market are insecure. It’s just that most of the models out there rely on Bluetooth Low Energy communication which is highly susceptible to attacks. So far, there’s hope in smart locks with other protocols like Wi-Fi, ZigBee, and Z-Wave. But that is not to say that they are 100% secure; the internet is synonymous with cybercrime.
Most of these top brands, the likes of Kwikset, Schlage, and Yale have an excellent record. “At Yale, we develop all of our systems with security in mind,” says Mr. Josh Waites, a product manager at Yale. “All data are encrypted, and we also employ third-party penetration testers to conduct regular security assessments and tests to ensure our smart locks are secure.”
But there might be a dozen of vulnerabilities that have not been discovered yet. Amazon Key, for example, has been hacked by Rhino Security Labs which uses a bug that blocks the camera from recording and cuts Wi-Fi connection so the door won’t close after the delivery guy leaves. Also, it’s possible to block the command from Amazon to close the door after a delivery has been made. All these are security concerns that face the smart lock industry.
Indeed, internet and technology has revolutionized home security. Connected locks come with the same protection as traditional deadbolts but have the extra capability to detect any tampering like lock picking and notifies the homeowner. The convenience they offer is immeasurable; from opening and closing the door remotely to monitoring whatever is happening on your door front in real time while in the office. It is evident that the designers focus much on the robustness of the lock and forget security. It’s unfortunate that even some of the biggest names in the industry have these discrepancies.
While the risks sound alarming, security experts say that in most cases, it’s the homeowners who make themselves vulnerable to hacking. One of the ways to stay safe is to make sure that your Bluetooth connection is always off when you are not using it. Also, it’s advisable that you don’t use voice assistant for your smart lock. But then, this doesn’t make you 100% secure as hackers are developing more intricate methods of exploring intelligent lock vulnerabilities. For now, it’s up to the brands to beef up security because the recent spate of cybercrime may tumble the smart locks industry if they don’t prove to be secure enough!