We here at The Verge have tried to warn everyone about smart locks, particularly smart locks that rely on fingerprints for authentication. The TappLock is one such lock that was crowdfunded on Indiegogo and is now available to buy. And unsurprisingly, it’s incredibly easy to physically and virtually hack.
YouTuber JerryRigEverything proved that he could pull the lock apart using just a sticky GoPro mount, while cybersecurity company PenTest Partners found that the actual code and digital authentication methods for the lock were basically nonexistent. All someone would need to unlock the lock is its Bluetooth Low Energy MAC address, which the lock itself broadcasts. Essentially, the lock doesn’t encrypt any of its data, leaving anyone who’s looking for it all the information they’d need to gain access to the lock and open it up. PenTest Partners also snapped the lock with a pair of 12-inch bolt cutters. So, really, maybe don’t buy a smart lock?
You can watch the full hack below. It takes less than 10 seconds.