Researchers crack Bluetooth locks with potato chip boxes and Raspberry Pi

Directional antenna made of potato chip boxes and Raspberry Pi. (Image: Fraunhofer SIT)

Researchers at Fraunhofer SIT have succeeded in cracking Bluetooth locks from the US manufacturer Tapplock – with potato chip boxes and two Raspberry Pi.

Researchers at the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT) have discovered and exploited two serious security gaps in the Tapplock One and Tapplock One Plus Bluetooth locks. All they needed was a self-made directional antenna made of potato chip boxes and two commercially available Raspberry Pi.

Tapplock One: Security gap still open

The US manufacturer Tapplock, which was informed of the gaps, has since responded, but according to Fraunhofer SIT has only updated one of the two Bluetooth locks. Accordingly, Tapplock has not yet fixed the Tapplock One model. The padlocks can be unlocked with a fingerprint or via an app over a Bluetooth connection. The advantage: you do not need to carry a key with you.

A disadvantage, however, is that the locks evidently do not take much effort to crack – at least as long as they have security gaps like the Tapplock models. The researchers at Fraunhofer SIT were able to carry out two attack scenarios successfully, neither of which leaves any trace of a break-in. According to the researchers, “low technical and financial resources” are sufficient.

To demonstrate this, the researchers used an “attack tool” in the form of a directional radio antenna built from potato chip boxes and Raspberry Pi mini computers, among other things. In the first attack scenario, the researchers carried out a so-called man-in-the-middle attack, in which the attacker interposes itself in the Bluetooth connection between the lock and the smartphone.

Two attack scenarios for Bluetooth locks

When the victim locks the lock, the data also pass through the attacker. After the lock has been locked, the attacker keeps the connection open and simply sends the communication data needed to open the lock again.

According to the researchers, the lock can also be opened using a replay attack. The locking process – Tapplock relies on a challenge-response procedure here – is recorded once, for example with the self-made directional radio antenna. If the lock is unobserved, any number of attempts can then be made on it; a connection to the victim's phone is not necessary. According to Fraunhofer SIT, the previously recorded challenge is repeated after about 30 to 60 seconds – and the lock opens.
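The replay attack works because challenge-response only defends against replay if every challenge is fresh: once a challenge comes around again, the answer recorded for it is valid again. The toy model below is an added illustration and is not Tapplock's protocol or Fraunhofer SIT's tooling; the HMAC scheme, the shared key, the four-entry challenge pool and the "cycling" behaviour are all constructed assumptions that stand in for a lock whose challenge recurs after a short time. It contrasts that weak design with one that draws 16 random bytes per challenge, and shows that a single captured response opens the first lock on the fourth attempt and never opens the second.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for the toy protocol; not a real lock key.
SHARED_KEY = b"constructed-demo-key"


def respond(key: bytes, challenge: bytes) -> bytes:
    """Phone side: answer a challenge with an HMAC over it (toy protocol)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Lock:
    """Toy challenge-response lock; `next_challenge` decides how challenges are chosen."""

    def __init__(self, key: bytes, next_challenge):
        self.key = key
        self.next_challenge = next_challenge
        self.pending = None  # challenge currently awaiting an answer

    def challenge(self) -> bytes:
        self.pending = self.next_challenge()
        return self.pending

    def unlock(self, response: bytes) -> bool:
        """Open only if the response matches the outstanding challenge."""
        if self.pending is None:
            return False
        expected = respond(self.key, self.pending)
        self.pending = None  # each issued challenge is answered at most once
        return hmac.compare_digest(expected, response)


def cycling_challenges(pool):
    """Weak design (assumed): challenges come from a small fixed pool and
    recur in order, modelling a challenge that comes around again later."""
    counter = 0

    def nxt():
        nonlocal counter
        c = pool[counter % len(pool)]
        counter += 1
        return c

    return nxt


def random_challenges():
    """Sound design: 16 fresh random bytes per challenge, so a recorded
    response is never valid for any later challenge."""
    return lambda: secrets.token_bytes(16)


def replay(lock: Lock, recorded_response: bytes, max_attempts: int):
    """Eavesdropper who captured one legitimate response keeps sending it
    in answer to fresh challenges. Returns the attempt number on which the
    lock opened, or None if it never did."""
    for attempt in range(1, max_attempts + 1):
        lock.challenge()
        if lock.unlock(recorded_response):
            return attempt
    return None


def run_scenario(next_challenge, max_attempts=50):
    lock = Lock(SHARED_KEY, next_challenge)
    # One legitimate exchange, observed by the eavesdropper.
    captured_response = respond(SHARED_KEY, lock.challenge())
    assert lock.unlock(captured_response)
    return replay(lock, captured_response, max_attempts)


def demo():
    """Returns (attempt on which replay beat the cycling lock,
                attempt on which replay beat the random-nonce lock)."""
    weak_pool = [bytes([i]) * 16 for i in range(4)]  # constructed 4-entry pool
    weak = run_scenario(cycling_challenges(weak_pool))
    sound = run_scenario(random_challenges())
    return weak, sound


if __name__ == "__main__":
    weak, sound = demo()
    print("cycling challenges: replay opened the lock on attempt", weak)
    print("random challenges: replay opened the lock on attempt", sound)
```

The mitigation is entirely on the lock side: a challenge must be unpredictable and never reused, which a CSPRNG nonce of adequate length gives for free; a counter or timestamp bound into the challenge works as well, provided the lock rejects anything older than the last value it accepted. A burst of failed unlock attempts in a short window is also the kind of event a lock's firmware or companion app can log and surface.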
