Lock-picking smart locks with Bluetooth: Using replay attacks to open apartments. π§ ππͺπ±π¨
A group of security researchers from UC San Diego (U.S.) presented their analysis of smart locks from Master Lock earlier this year. You may be familiar with these locks if youβve ever used self check-in on popular apartment rental services like Airbnb, Vrbo, or Expedia.
From their analysis of the Deadbolt D1000βs architecture, the team found multiple design flaws that allow attackers to unlock doors, forge logs, and disable locks.
Remember the βPing of Deathβ? What if I told you that you could brick a smart lock just by sending between 610 and 6,561 bytes of data via Bluetooth?
More details:
No Key, No Problem: Vulnerabilities in βMaster Lockβ Smart Locks
Paper [PDF]: https://www.usenix.org/system/files/woot25-diao.pdf
Slides [PDF]: https://www.usenix.org/sites/default/files/conference/protected-files/woot25_slides_diao.pdf
