Security News > 2020 > April > ‘Unbreakable’ Smart Lock Draws FTC Ire for Deceptive Security Claims
The Federal Trade Commission has slapped Tapplock, the maker of smart padlocks that it bills as "Unbreakable," with an official complaint that could lead to fines down the road. The agency alleges that the company engaged in false and deceptive claims about its security practices, after the lock was shown to be hackable.
The $100 Tapplock smart locks are internet-connected and use fingerprint biometrics for security.
According to the complaint, one of the flaws at issue allowed researchers to lock and unlock any nearby Tapplock smart lock due to a lack of encryption around the Bluetooth communication between the lock and the app.
"Researchers were able to easily discover and replicate how [Tapplock] generated the private keys necessary to lock and unlock user's smart locks," according to the FTC complaint [PDF], filed this week.
The locks in question are dubbed "Mobile keys" because of their reliance on mobile phones as opposed to card-based access such as those based on mag-strips and RFID. Also last year, pen testers said a keyless smart lock made by U-tec, called Ultraloq, could allow attackers to track down where the device is being used and easily pick the lock - either virtually or physically.
News URL
https://threatpost.com/unbreakable-smart-lock-ftc-deceptive-security-claims/154600/