Watch engineers hack a ‘smart home’ door lock

I wouldn’t call it a hack if he developed the app and lock himself I would like to see a different hacker actually hack it himself.

Two fundamental issues I see with this video. 1) These "hacks" are entirely based on an owner downloading a 3rd party app from an unverified developer. That's like taking your keys to a shady kiosk to have them duplicated, and the kiosk making an extra copy of your key. 2) It's not like our current locks are un-hackable. Burglars have been using lock picks for ages.

Yup, going back to flip phones. Closing up my windows like if theres a apocalypse. Getting a tiger to protect my door. writing all information in a freaking book then put on the tiger.

So that’s blue tooth only right? What if you took that out of the lock? Can it be hacked then too? Or is it only local to the physical lock itself? Thanks

Umm... Wouldn't you need the homeowners address? And besides what good does it do them when the alarm goes off which isn't connected to the SmartThings device?

I recently had a rental house re keyed and it takes a locksmith maybe 5 minutes to pick the front door. nothing new here

As interesting as this is, you used a developer SDK on a test version that was never sent for approval. What would be impressive is if the apps you deployed were on the store and made it past their safety checks. Just because you can make a piece of software work on a bench doesn't mean it will go live. Windows/Android/iOS and other platforms have checks to prevent this type of thing(which I admit are not foolproof)

Good thing is that Zombies don't know about hacking in an apocalypse

When you sent the message to the lock, your leaving the trail that you weren't

The "Beware of Dog" sign is the best cost affective deterrent against impulsive criminals AND you dont even need to own a dog to use it

That's a small house

And if it has no conection of any kind only code, fingerprint or cards?

Just watching this doesn't look like the initial attack, both require access to the Smartthings IDE so make sure you have 2FA on. The Third party app may reveal a passcode change but does not reveal the locks location. So do not put street address as your hub name. What is really disturbing is that the spokesman says they let Samsung know but doesn't say when or what their response was... Going public like this is just creating FUD and does not add to the security. EDIT: Just noticed this is at least 2 years ago Wired just published on facebook... WTF

With this being 5 years old, can you provide an updated version?

so you wrote a keylogger app, that's not really hacking in my mind, it's just malware.

When you sent the message to the lock, you left a trail that you were there

What about finger print id

As I have always have thought, key and lock will always be the easiest and cheapest way to, well, lock your door. If this digital lock is more expensive and yet provides no greater safety, what's the whole point? All the fluff is bullshit anyway, what's the point of opening the door remotely anyway? If you know me personally and need to get into my house for one reason or another, come see me and get the key yourself!

i just use bolts with 3 inch screws. We do have Smart tech here though, and never thought of getting smart locks. Just out of curiosity does Samsung encrypt these gadgets? Why would anything security wise accept extra coding? Set up should accept a code of up to six digits, and accept no extra code. If you need that then send it back to the manufacturer.

Thank you,most informative and well narrated

It's easier to kick the door open, or smash a window.

So they didn't really hack a door lock, which is what I came here for, they put some spyware crap on a phone. Yawn.

If I buy a £100 for font door it can be picked open if a buy 300 400 smart lock if can be hacked WTF

Ya know a good old fashion boot or crow bar can have the same effect XD

well good thing i'm too poor to afford nice locks :D i just use bolts.

he looks like panda

Thank you for this, I do not want one! Key is find with me.

The only reason this is possible is because Samsung opens the door to 3rd party apps, there are two ways it can be patched. 1. You make it so only Samsung has the ability to create the smart apps or 2. Samsung rewrites the platform so that 3rd party developers don't have access to personal/private variables such as pin codes and passwords.. etc

So both attacks require the "victim" to install malicious software from third parties?.. Got it.. they deserve it then.

Do you want to develop an app?

Wouldn't connect door lock with a smart home....

26 people just installed that system......

Just watching this doesn't look like the initial attack, both require access to the Smartthings IDE so make sure you have 2FA on. The Third party app may reveal a passcode change but does not reveal the locks location. So do not put street address as your hub name. What is really disturbing is that the spokesman says they let Samsung know but doesn't say when or what their response was... Going public like this is just creating FUD and does not add to the security.

great price easy to set up.

0:47
Pun intended.

Came here after watching the id channel where a security guard hacked a girls smart lock and killed her

Please, don't miss land to peoples. Can you show a hack of Samsung and Yale door locks?

Let's see will i hack their door lock or just break the window right beside it .. tough choice for criminals

Just use a lock pick.

why in the array you pass 8 as a number but 5500 as a string 😅

It is definitely ill advised to hook up your electronic door lock to your phone or any other gear of any kind, especially IOT devices are a no-no.
If you're going to use your smart lock with an RFID tag, use a shielded tag, where you have to slide part of the shield away in order to open your door.
Presumably, no lock will ever be perfect, but you just need to make it difficult enough to not be worth the time/effort for the burglar. For regular people, this should work out ok.

sharks crossed with tigers fitted with lasers guarding the door......
problem solved....😎

Not very impressive when you hack your own lock

This is a phishing attack. The vulnerability isn't on the lock or the official software but on the end user. This only works on people with absolutely no knowledge of technology who will not buy a smart lock in the first place.

🙄 🤦‍♂️ this is about the same as sharing your real keys with a store to duplicate your keys while you keep shopping - which you should never do. Maintaining best practises is the REAL story here. At no point was the technology a problem. The users actions were!

my access code to my house is 357,... come on over.

Please, you can teach us to speak like this, Lock!

If a criminal element is capable of doing this, then they deserve whatever they can snatch from inside my house.

Looks like something that a traditional lock company would commission. Obviously BS, as other comments point out, but sows just enough doubt.

As you can see, clearly, after I submitted some JSON... the lock opens xD Is this an April's fool in the wrong month?

Still dont know how. This didnt show me shit

I thought 3rd party apps available on the play store were vetted by Google and checked for malware? I would never download an app without play protect.. I'm pretty sure that's the name of Google's vetting service..

SmartThings is so expensive and apparently now insecure. Buy somethings else. $40 for a multipurpose sensor. It should cost under $5. The production cost is well under $1.

I highly doubt that a Indian hacker would break into peoples homes... 😁

Usually the software is crap 😅

Dang and I bet they went as the University too. If it was the kid individually. They would of payed him I bet. Shame

30sec in and my stopped working I was like I got hacked to😭😭 high moments

As u can see

Why so many dislikes?

How is this trending?

Jesus fucking Christ, I’m being stalked someone comes in and helps themselves to everything and anything, every time I leave my home. I just bought a Yale living lock, and I watch this shit! I might just as well leave the damn door open! I don’t understand why this is even allowed on here to show everyone how to do it? My life sucks!

Do that with samsung pay

These guys are trying to get money from Samsung lol

lass="content">
Access Denied
We're sorry, but you are not authorized to perform the requested operation.

that's just tricking people to give you their password not hacking

neat

So not hacking just watching some dudes unlock a door with an app...lame

Or you can stick a pin in the hole at the bottom of the keypad.. its the release.. but either way if i want to break into a house i dont care what kind of smart crap they got. Or door locks, whatever. The only thing that would deter me is a posted sign and the sight of a cctv or camera system or if they had bars over all their windows and metal case doors with metal frames.. thatd be a house youd break in and never come back out alive.. or in handcuffs.. rig up those grates that slam closed over every window and door and a speaker sysyem indoors. somebody breaks in and all the sudden shit closes and a-voice comes over the intercom, “would you like to play a game?” Lol. Ask em where they live and go steal their shit leave a note “ good game” then let em go...

"Thousands" so not a lot.

Why the fuck people need mobile to unlock their doors. What happened to old fashioned keys.

This is why you don't download 3rd party apps...

Their on android says it all really

no lock is fool proof, I rather have a huge deadbolt that someone has to pick or break into rather than electronic locks

amir narini :)))))))))))))))))))))))

AR RAHMAN

Bought this one because the older version th-cam.com/users/postUgkx0jZ_lGlDVJhDnmagEU8gn47cmfPNlLQ had was really choppy and would disconnect from the wifi ALOT, was not catching everything and every week j had to charge it. So far the picture quality on this one is exceptional. I also bought a solar panel with it so I will see how this all turns out.

Chrome enthusiast "hacking" with JSON. Okay.

and the hacker is Indian, why am I not surprised...?

Every time you call a REST API you need to have an authentication token generated when you initially logged in using your smart phone. But now this '''hacker" did not pass an Auth token in JSON which is bullshit and real lock makers don't make such crappy REST API. In short this demo is shit and assumes lock manufacturers are dumb which they are not.

I don't like the this door hacking method, it reminds me of my great-great uncle who was a Nazi during WW2, he killed tens of thousands of Jews, gay people, mentally Ill and deficient. He was a monster and the door lock is just like him.

This guy hacks with a freakin ios system, I thought hackers preferred linux.

This isnt really realistic, as you arent likely to use an app the guy whos going to be your burgler has created😂
Neither should you have to be worrying about the company that creates your lock, putting maliciouse stuff in there
Something more realistic would be a hacker sitting in his car near your house scanning bluetooth weaknesses to get into your doorlock and open it, or sniffing your home wifi to somehow find out more about the doorlock and maybe your account and somehow gain access to that
But this is just totaly stupid
Am i supose to expect a company that probertly makes milions selling smart locks to also go afther my 400 euro tv😂 ?
Or some app develloper that is smart enough to make a official looking app, for a smart lock to be intrested in stealing my 80 bucks airfryer ?😂