Smart locks are sold as devices that can make getting in your home more convenient, but security researchers found a vulnerability that makes it easy for hackers and thieves to do the same.
On Wednesday, Finland-based security company F-Secure disclosed flaws with the "KeyWe Smart Lock," which marketed itself as the "Smartest Lock Ever!" The lock sells for about $155 on Amazon and allows for unlocking doors through a mobile app.
F-Secure's researchers found that potential hackers could intercept network traffic between the mobile app and the smart lock, essentially stealing the keys to someone's home out of thin air.
"Unfortunately, the lock's design makes bypassing these mechanisms to eavesdrop on messages exchanged by the lock and app fairly easy for attackers, leaving it open to a relatively simple attack," Krzysztof Marciniak, an F-Secure consultant, said in a statement. "There's no way to mitigate this, so accessing homes protected by the lock is a safe bet for burglars able to replicate the hack."
The security researcher noted that this attack could be performed through network-sniffing devices, some of which can be bought for as little as $10.
KeyWe said that it had fixed the issue through security patches, even though F-Secure's researchers found that its firmware doesn't allow for over-the-air updates.
"We are really sorry about this problem. Our users' security is our top priority and we are continuously working to resolve any issues and avoid them in the future," a KeyWe spokesman said in a statement.
Amazon didn't respond to a request for comment on whether it would continue selling the vulnerable locks.