Can Somebody Hack my Electronic Lock?

The short answer is: yes, there are ways to unlock your electronic lock but you probably have nothing to worry about; the people with the knowledge to do so most likely have bigger fish to fry.

To protect against unauthorized entry we must consider motivations for the would-be intruder. The most obvious one is theft. Another possibility is squatters: if they get the code they can argue they legally live there and legally you have to prove that they don’t have permission to be there. It might be six months or more before the cops will remove them. We’re over a year now during the pandemic with no legal evictions outside of unusual circumstances. In that time squatters will probably total your residence.
One must also consider the terrible possibility not of what might be taken but what might be left. There are publicized cases of people being framed for possession of child pornography for example. All one need do is gain access to a person’s house or office with a usb device loaded with child porn and load it on their computer. Even if the computer is password protected, with physical access it isn’t difficult for somebody with arcane knowledge to put the files on a locked computer. Then they just call the FBI to report it and boom, your life is ruined. That’s worse than anything a burglar could steal. They’ve essentially stolen your life at that point.

But how do these villains gain access in the first place? Let us consider some of the ways one could gain unauthorized access. The low tech way would be to watch you put in the code. Then they have the code!

The high tech way to get in would be to reverse engineer the lock to find hardwired codes or other vulnerabilities that are common to all locks of the same model. There are people attempting to do this. Other methods might include man in the middle attacks that detect the communication between your phone and the lock or your zwave controller and the lock.

  1. The guy in the bushes

A lot of locks have a code that needs to be punched in to unlock. That is an issue if somebody is watching you put the code in! Think about whether or not somebody could see you put the code in from behind a tree or a bush.

Now that electronic devices are cheap and prevalent there is another danger that I must admit I’m a bit afraid to even utter for fear that I will let an evil out of Pandora’s box that can’t be put back in: small videorecording devices that can be put somewhere near a person’s door could record 24 hours of video on a small microsd card and if properly placed could record somebody punching in their code. When you put your code in, cover your hand with your body and your other hand.

A bit more money and they could have access to telescopic lenses. In the city there are possibly many windows facing your door and one of them might have a recording device with a telephoto lens aimed at your door. That is why you must cover your hand when you put in your entry code. Now people can buy drones that hover in one place for hours at a time from hundreds of feet up in the air with telephoto lenses, all for less than $1500.

Then think of the ways somebody could see what keys you had pressed on your keypad. Your fingers leave oils that are visible under different kinds of light. One can also leave an invisible dye on the doorknob which would then be spread on the keypad. If you have a 4 digit code there might be 16 combinations to try. At this point I should give credit to Yale. They change the location of digits on the keypad every time it is activated. This spreads oils around the keypad. It also means somebody with a telescope won’t necessarily be able to figure out the code by watching you enter it. If they don’t see the number being entered but just what part of the keypad you are touching they won’t get the code. This is a brilliant innovation.

There are other methods of more interest to movie studios and government actors. The methods used to authenticate are getting more complicated and with more complication come more possibilities for exploits. Zwave and Bluetooth implementations aren’t always done securely. Many software engineers have told me they refuse to have electronic locks installed because they’ve seen the codebases for different hardware devices and all of the shoddy code on them.

Published by

Bjørn Madsen

I am the Seattle locksmith you've been looking for. High Quality work at a reasonable price delivered in a timely fashion.