Bluetooth Security Notice

BLUETOOTH SECURITY - DEFCON - QuickLock

Anthony Rose recently discussed issues related to Bluetooth security and the Quiclock doorlock, & Padlock:
https://www.engadget.com/2016/08/10/researcher-finds-huge-security-flaws-in-bluetooth- locks/

The QuickLock solution uses two mechanisms for opening and access. (RFID and Bluetooth). The electronic codes necessary to open are passed wirelessly and are unencrypted (by design) to allow vendors flexibility when integrating the bluetooth device into existing platforms. Because keys are passed wirelessly, they are open to Bluetooth hacking only for a few seconds, when a hacker is within range of the device. However, this level of security is similar to a standard lock and key scenario! Standard mechanical devices offer far fewer benefits than Bluetooth connected locks!

Bluetooth Electronic keys: To obtain the Bluetooth electronic key for quicklock, a Bluetooth hacker must setup a device within proximity of the lock and wait for the lock to be activated by the user. Standard quicklock protocol keeps the lock in low power mode to conserve battery life, so the hacker must wait or setup equipment within a few feet of the device in continual capture mode. Once the lock is activated, the hacker must then intercept the communication sent by the user. This transaction must be done in short range of the device and at the precise time. The probability of this occurring is debatable but it is admittedly possible. This risk is reduced because the device is pushed to wake! The Quicklock electronic solution is better security than a standard mechanical key that can be easily taken and copied by any low tech individual. The electronic doorlock has no possibility of being bumped to open!

Quicklock RFID Key security: Every Quicklock system also has the ability to learn and use up to 50 RFID keys. These keys can be programmed to any lock. The electronic exchange for this transaction is much shorter (less than 2 inches), but it would be possible for a thief to steel a RFID key that is already programmed to a lock and then make a duplicate RFID key. Again, this threat is analogous to a standard mechanical key being stolen but a mechanical key offers far fewer benefits and does not require a high tech individual hack attack.

The real threat: With a standard padlocks and doorlocks users posses mechanical key to open. Keys can be copied or stolen but some effort must be taken to protect the key from falling into the wrong hands. Even with a digital keypad, like on most cell phones, a user must protect that no person with ill intensions is peaking over the shoulder to get the access code. With most Padlocks, thefts most often occur when the lock is cut. Many mechanical doorlocks can be bumped easily but thefts occur most often when a window is broken and entry is forced.

The Advantage of QuickLock: Users of the quicklock system recognize the benefit of quick access and the ability to use multiple keys. Many users of the products never update the default password and when they call for tech support our first option is to have them try the default Bluetooth password– which often works. With Bluetooth the Quicklock can keep record and report who is opening when and on what platform. The device is great for inventory tracking and Lock-out-tag-out where many of our customers are concerned about tractability and access more than security. Having multiple ways to open also offers users “immediate access” in times where getting the lock open must be done in miliseconds and fumbling for a key isn’t an option! The Bluetooth interface also enables unique ways to interact with the electronic device using a users cell phone interface. It’s not about just pushing the button on the app to open the device. It is often about programmability, traceability, tech support and visibility into the electronic device. For enterprise applications and custom locking solutions, higher levels of security are enabled as required.