Unauthorized Smart Lock Access : Ethical Hacking of Smart Lock Systems

Abstract: IoT devices have become more common in our everyday lives as they provide more useful features than traditional devices. One such device is the smart door lock, which enables homeowners to grant access on a user-specified level through digital keys and remote operation. However, as smart locks are meant to protect everything we own, they become an attractive target for attackers. This thesis evaluates the Yale Linus and Gimdow smart lock systems through a comprehensive security examination. In order to provide insight into the IT security of common smart locks on the market today and whether or not the companies behind the locks researched have implemented mitigations towards common attacks on smart locks found in earlier research. In doing so, Gimdow proved to lack basic security measures as an attacker could easily get unauthorized access. The Yale Linus system was deemed to have sufficient IT security as no immediate vulnerabilities were found.