Gadgetory

All Cool Mind-blowing Gadgets You Love in One Place

  1. Gadgetory
  2. CNET
  3. Hacking a smart lock by voice

Hacking a smart lock by voice

2018-11-09
hey Google unlock the front door can I have your security code to unlock the front door okay unlocking the front door unlocking your door with a voice command is convenient but as you just heard most smart lock makers require a pin for added security and that extra step can be kind of a hassle if you want to work around it there is a way to do that hey Google unlock the front door okay unlocking the front door I created an IFFT recipe to get around the pin code it only works if you have a z-wave lock connected to a z-wave hub and you create a custom command for Google or Alexa like unlock the front door once you set that up and you ask it to do that action it'll go through the hub and unlock the door without asking for a pin code so setting up this recipe obviously makes unlocking your door more convenient but it also sets your home up for vulnerabilities like this okay unlocking the front door security researcher Brad render man Haynes brought this exploit to our attention and it works using an audio transducer like this one unlike a conventional speaker that vibrates a cone of material to produce sound and audio transducer vibrates the surface it's attached to turning the entire thing into a speaker so that's how my video producer Tyler was able to unlock our lock from the outside well the voice command recorded on a phone and the phone connected via bluetooth to the vibration transducer he held the transducer up to a window turning the entire window into a speaker and that's how Google was able to hear the command now obviously if someone we're going to exploit your home this way they would need to know a few key facts about your setup and if you were at home or you had if notifications enabled you would definitely notice still it's one reason why you should always use a pin code unlocking your door even if it is a little bit more of a hassle just to be clear in this video we use a Google home but the exploit would work with any voice assistant that allows a custom command like the exploit requires we asked August quick set and Yale about this vulnerability and all three companies confirmed that the customization option is possible but they discourage smart lock owners from unlocking without a pin and prioritizing convenience over security
We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.