Many popular brands of locks are at risk of attack

People are increasingly turning to Smart Locks to secure their front door while enjoying the convenience of using their smartphones to operate the lock, often automatically. For the average user, a well-chosen Smart Lock can provide more security than a traditionally locked door, which is exposed to lost and stolen keys, lockpicking, and forgetting to lock the door behind them. The Smart Lock does away with all that old-world complexity. But what few may know is that only a relatively small number of Smart Locks on the market today are safe from digital lockpicking by someone with coding skills and a hardware toolkit that can be easily sourced from Amazon, a problem that can be eliminated with LEVL.

Smart Locks typically use Bluetooth Low Energy (BLE) between the lock and the phone, and Wi-Fi between the lock and the cloud for remote access, updates, and configuration. Often, the phone has a Smart Lock app used to operate the lock. As is conventional with most applications, the app uses a username and password to authenticate the user to the lock. Once initially authenticated, the app typically allows the lock to operate without user-phone interaction when within BLE range. This provides maximum convenience to users, a key selling point for Smart Locks.

There are several ways these locks can be hacked

First, most apps use encrypted username-password combos for security, a technique which is well known to be unsafe because many people use easy-to-guess or repetitive passwords. This would essentially let hackers steal credentials and use their own phone to unlock the lock. This could be solved by using 2FA; however, manufacturers know that introducing the second factor eliminates the convenience of the Smart Lock, and thus relatively few locks on the market are secured this way. In addition, some locks are vulnerable to replay attacks, in which the whole digital package is captured and then replayed, without needing to break any encryption. Lastly, all BLE-based Smart Locks are vulnerable to the same relay station man-in-the-middle attacks, a concept hackers have adopted from the vehicle theft world.
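Why a captured package can be replayed without breaking any encryption, and what a freshness check on the lock side changes, shown as an added example that is not from the original page or from LEVL. The key, the frame layout and the class names are constructed for illustration, and an HMAC stands in for whatever protection a real lock applies to its unlock message.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # constructed secret shared by phone and lock
CMD = b"UNLOCK"

def tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class StaticLock:
    """Accepts any frame with a valid tag, so a captured frame stays valid forever."""
    def __init__(self, key: bytes):
        self.key = key

    def handle(self, frame: bytes) -> bool:
        cmd, t = frame[:-32], frame[-32:]
        return cmd == CMD and hmac.compare_digest(t, tag(self.key, cmd))

class ChallengeLock:
    """Issues a single-use random nonce; the tag must cover that nonce."""
    def __init__(self, key: bytes):
        self.key = key
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def handle(self, frame: bytes) -> bool:
        nonce, self.pending = self.pending, None  # consume the nonce
        if nonce is None or len(frame) <= 32:
            return False
        cmd, t = frame[:-32], frame[-32:]
        return cmd == CMD and hmac.compare_digest(t, tag(self.key, nonce + cmd))

def demo() -> dict:
    static = StaticLock(KEY)
    frame = CMD + tag(KEY, CMD)               # what the phone sends every time
    out = {"static_first": static.handle(frame),
           "static_replay": static.handle(frame)}   # same bytes, sent again
    lock = ChallengeLock(KEY)
    frame = CMD + tag(KEY, lock.challenge() + CMD)  # phone answers the nonce
    out["fresh_first"] = lock.handle(frame)
    lock.challenge()                                # a later session, new nonce
    out["fresh_replay"] = lock.handle(frame)        # captured answer is stale
    return out

if __name__ == "__main__":
    print(demo())
```

A fresh nonce only addresses replay of a recorded exchange. It does not address the relay station attack mentioned above, where a live exchange is forwarded between the phone and the lock.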


When LEVL’s radio fingerprinting solution is incorporated into the Smart Lock, LEVL creates a globally unique physical ID for each phone used with the lock, based on the wireless signals it broadcasts. Once the ID is created, each interaction with the Smart Lock automatically authenticates the physical identity of the phone before the digital credentials are passed. No user interaction is required, which preserves the convenience of the original design while delivering unparalleled security. In the replay attack scenario illustrated above, the Smart Lock would never receive the digital credentials as the hardware cannot be authenticated. The same technique prevents relay station attacks from happening and mitigates the credential theft risks.

Many studies across the various brands of locks have indicated large security gaps that can be filled with LEVL’s device authentication solution. Find out the details in the white paper below.

Let us help you secure your product

If you are a Smart Lock manufacturer or supplier, you can easily eliminate your customers’ chances of a cyberattack and increase the marketability of your product by incorporating radio fingerprinting by LEVL. Learn how to incorporate LEVL’s agentless, software-only solution in your product by starting here on our developer page.


LEVL can deliver an aftermarket security solution to your operations which will provide all the benefits discussed above. If you are interested in learning more about how LEVL can make the work-from-home era safer for your business, please contact us.