Knight, Edward, Lord, Sam, Arief, Budi (2019) Lock Picking in the Era of Internet of Things. In: Proceedings: 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). pp. 835-842. IEEE ISBN 978-1-7281-2776-7. (doi:10.1109/TrustCom/BigDataSE.2019.00121) (KAR id:75142)
Author's Accepted Manuscript
Language: English
Official URL: http://dx.doi.org/10.1109/TrustCom/BigDataSE.2019....
Abstract
Smart locks are a recent development in the Internet of Things that aim to modernise traditional key-based padlock systems. They allow users to operate the lock with their smartphone instead of carrying around a physical key. Typically, smart locks have a cloud system for sharing access with other people, which makes them ideal for schemes such as communal lockers or bike sharing. One of the smart locks available on the market is that produced by Master Lock. They are an established brand, and unlike many of the single-product companies that have provided insecure offerings, Master Lock have so far shown that their locks are reasonably secure and resistant to known attacks such as shimming, fuzzing, and replay attacks. This paper provides a security analysis of the Master Lock Bluetooth padlock. More importantly, it reveals that there were several security vulnerabilities, including a serious one in the Application Programming Interface used by Master Lock to provide a crucial feature for managing access. We carried out a responsible disclosure exercise to Master Lock, but communication proved to be quite a challenge. In the end we managed to establish contact, and as a result the most serious vulnerabilities have now been patched. This indicates that responsible disclosure is a valuable exercise, but we still need better report-and-response mechanisms.
Item Type: | Conference or workshop item (Proceeding) |
---|---|
DOI/Identification number: | 10.1109/TrustCom/BigDataSE.2019.00121 |
Uncontrolled keywords: | security, IoT, smart locks, API vulnerabilities, responsible disclosure |
Divisions: | Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing |
Depositing User: | Budi Arief |
Date Deposited: | 01 Jul 2019 08:53 UTC |
Last Modified: | 05 Nov 2024 12:38 UTC |
Resource URI: | https://kar.kent.ac.uk/id/eprint/75142 (The current URI for this page, for reference purposes) |