BSides Oslo 2019

May 23rd, 2019 at MESH

Smart Locks: Dumb Security

Time: 16:00
Length: 45 minutes

The rise of cheap, low-power communication technology has been most prominent in the fields of locks, where the traditional model of a key, RFID reader or magnetic stripe does not work for many use cases.

This talk will demonstrate how the designers of many smart locks failed to fully consider security and in many ways made the smart locks weaker than their low-tech equivalents.

And yes, some of these methods will be destructive, at least insofar as can be done in an unventilated room.

David will review several smart locks that were designed for convenience, and point out the security flaws and attack vectors.

These attacks will include:

David will bring some padlocks for audience members to have a go at with bolt cutters themselves, just to see how weak most padlocks actually are.

We will focus on the Nokelock series of products, the SLOK lock and Ultraloq, including demostrations of how the protocols were reversed and how a python script or Android device can be used to unlock these padlocks.


David Lodge

David Lodge is a grumpy Yorkshireman who has been doing this sort of stuff for too long. He is a pen tester by day, pretender at hardware by night. He likes taking stuff apart, but is unable to get it back together afterwards. He's only doing this because he's never been to Oslo and to try and get a free ticket. He is secretly hoping that no one will be present at his talk.