by RSS David Maciejak  |  Oct 07, 2016  |  Filed in: Security Research

Developing our own opinion

In part one of this two-part series, I provided an overview of smart lock technology and some of its vulnerabilities and risks. We also decided to ‘try our luck’ with the security of these solutions in the Fortinet FortiGuard Lab, so we ordered some random brand smart locks for testing. Two of our main vulnerability researchers, Tony Loi and Tien Phan, were able to do some in-depth analysis these last few weeks. Not only were they able to confirm the attacks demonstrated by DEFCON presenters, they were even able to go break these solutions down even further.

Our audit was focused on the companion apps, and mainly involved:

  • Reverse engineering
  • Sniffing traffic for protocol examination
  • Testing the logic flow

Our finding: not all smart locks are equals

The good

  • Some smart locks use AES encryption
  • Some are even implementing modern key exchange protocol (Curve25519SharedSecret: high speed elliptic-curve crypto)
  • And some use long random nonce to prevent replay attack

Figure 2: AES encrypted packet

The bad

  • Some are using hardcoded AES keys that can be used to decrypt traffic. This implementation of AES gives the illusion of security, but it is able to be broken.

The smart

  • Some locks we tested are very well-designed, but still vulnerable to relay attack

The inequality between solutions is a reality for smart locks that we anticipated, not only because it was something inherent in the software solutions being used, but that experience has shown that weak implementation of security can be generalized to the majority of IoT solutions. Choices available to consumers will need to mature to a point where all solutions see real application security in intrinsic to such a device, or consumers will have to be prepared to pay more for a truly secure product. Of course, this assumes that these consumers are able to understand the actual risks and implementation details. Unfortunately, this has almost never been the case for now. However we still hold out hope that this can change through consumer education that provides individuals with the skills, concepts, and understanding they need to make good decisions.

Let’s frighten even the smartest

Most of the time, hackers simply take advantage of flaws in systems using attacks that have been used in the wild by other criminals, such as car thieves, for a long time. For example, the relay attack used against smart locks has been used previously to break into cars with keyless systems. This was detailed in the research paper “Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars” (the two following figures are from the paper).

For example, last year a $32 radio device called “RollJam” was released to supercede previous basic code grabber devices. This device, smaller than a cell phone, can be used to defeat the rolling codes security used by keyless systems to unlock millions of modern cars, trucks, or even garages. By jamming the signal while capturing a valid code, a robber can replay that code anytime later and thus unlock the vehicle. They can do this because these authentication codes do not embed an expiration time, as is normally the case for any correct two-factor authentication system implementation.

The relay attack on smart locks is really just a variation on the keyless car attack described. After a number of unexplained thefts of cars with keyless entries, it became clear to some researchers that some kind of signal amplification devices may have been used. That motivated them to look deeper, document their process, and to release their findings.

The logical next question, of course, was why only target cars when this same attack can be also pretty effective against a range of other IoT devices, such as smart locks? In fact, a car’s keyless system and the current collection of smart lock on the market share a common design and working model.

Figure 3: Ladder diagrams

In theory, using Bluetooth someone can simply build two relay endpoints:

  • One put near the smart lock
  • One put near the smart lock owner

Then, the attacker can simply trick the lock into thinking that its owner is nearby by grabbing the Bluetooth packets relayed between the lock and the owner through the rogue relay endpoints. When replayed later, the lock will simply unlock itself. Please note that some devices may need the auto-unlock feature to be enabled, which is sometimes not the case by default.

Figure 4: High overview of the circuit diagram

While building an actual proof-of-concept may require many man-hours, we can confirm that all the locks we examined in this research have no countermeasure to such an attack, and are vulnerable.

Conclusion

Although there are some flaws, we found that, in general, smart locks perform very well, and will play an increasing role in the emerging IoT era. However, we do not currently recommend switching your old locks to smart locks yet. As with any new smart technologies, while the hardware portion of the solutions is already as reliable as traditional locks, the software component still has too many early challenges to be reliably secure.  That means they are share the same existing weaknesses as lock picking/bumping or physical key imprinting, with the additional challenge that they can be exploited anonymously, and from a distance.

Figure 5: Basic lock picking kit and soap key imprints

For those who already have these solutions in place, as a security best practice we suggest disabling Bluetooth whenever you are not using it, or at the least, disabling some specific risky features, such as geofencing.


Further, even if most IoT devices are headless, some can still receive firmware updates designed to fix vulnerabilities. And even though it can be cumbersome for a user to apply such patches, it’s often not impossible. If the issue is located in the companion app, however, that's even better, as the app can be automatically updated by the underlying operating system.


The next generation of smart locks will most probably improve their process of dealing with security issues. While manufacturers will not be able to predict new attacks, what they can do is to simplify the update process of their devices. Tesla Motors, whose primary function is building and selling electric cars, is a good example to follow as to how to improve user experience. They can already push over-the-air software updates to their vehicles from a home Wi-Fi network access in less than 45 minutes. The big plus for customers is that they do not have to bring back their cars to the dealer.

 

We anticipate that the smart lock technology will continue to advance, and that the industry is likely switch to a more secure protocol once one is produced. And ultimately, they might get ultimately get rid of the smart key portion of the solutions in favor of biometric identification. It’s still hackable, but at least it will be more difficult to lose, intercept, or steal.

-= FortiGuard Lion Team =-

by RSS David Maciejak  |  Oct 07, 2016  |  Filed in: Security Research

comments powered by Disqus