
Lock Picking in the Era of Internet of Things

Knight, Edward, Lord, Sam, Arief, Budi (2019) Lock Picking in the Era of Internet of Things. In: Proceedings: 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). pp. 835-842. IEEE ISBN 978-1-72812-776-7. (doi:10.1109/TrustCom/BigDataSE.2019.00121) (KAR id:75142)


Smart locks are a recent development in the Internet of Things that aim to modernise traditional key-based padlock systems. They allow users to operate the lock with their smartphone instead of carrying around a physical key. Typically, smart locks have a cloud system for sharing access with other people, which makes them ideal for schemes such as communal lockers or bike sharing. One of the smart locks available on the market is that produced by Master Lock. They are an established brand, and unlike many of the single-product companies that have provided insecure offerings, Master Lock have so far shown that their locks are reasonably secure and resistant to known attacks such as shimming, fuzzing, and replay attacks. This paper provides a security analysis of the Master Lock Bluetooth padlock. More importantly, it reveals that there were several security vulnerabilities, including a serious one in the Application Programming Interface used by Master Lock to provide a crucial feature for managing access. We carried out a responsible disclosure exercise to Master Lock, but communication proved to be quite a challenge. In the end we managed to establish contact, and as a result the most serious vulnerabilities have now been patched. This indicates that responsible disclosure is a valuable exercise, but we still need better report-and-response mechanisms.

Item Type: Conference or workshop item (Proceeding)
DOI/Identification number: 10.1109/TrustCom/BigDataSE.2019.00121
Uncontrolled keywords: security, IoT, smart locks, API vulnerabilities, responsible disclosure
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Budi Arief
Date Deposited: 01 Jul 2019 08:53 UTC
Last Modified: 08 Dec 2022 22:01 UTC