The digital lock, a question of computer security
The advantage of these connected tools is that they are very practical.
For example, they allow a child who has lost his keychain to be able to enter his home without worry or allow a parent who unexpectedly passes to access the home through a virtual key. But their connected nature, most often poses the problem of security.
This article will also interest you: The computer threats of new connected tools
These are the tools that are quite popular in the United States. In France, on the other hand, the deployment of such a system is very slow. On the other hand, there are different models and modes of operation, this is what marks a great variation of this connected product. While there are some that complement the locks that already exist, others have completely replaced them. There are some models that can be unlocked with an object that takes the form of a key, a key ring or even a bracelet. For some models just type a code for the door to open while others have Bluetooth speakers allowing the user to unlock it through a smartphone. It is through this process that it is possible to send a virtual key to another person. Taking this specification into account. These digital locks must be quite solid not only mechanically but also technically and computer-savvy. Because the first danger will not be a classic break-in but rather a hacking.
According to an investigation conducted near the specialists of the Newspaper Le Monde, it has been revealed that in the majority of cases digital locks did not respond not to the required safety standards. According to Anthony Rose and Jake Krasnov, 70% the locks tested had a level of safety deemed "zero or poor." Our researchers will note: "At the time, we found errors in the many products sold as safe." However, today, the latter believe that the level of security of its tools has still increased evolution: "Many companies are now taking the time to design Robust applications and secure[les communications]. The idea is to make an attack cost the thief too much, or take too long compared to another type of attack[mécanique par exemple]. however there are still a lot of connected locks in the market that cut back on the market security. »
On the side of the National Centre for Prevention and Protection (CNPP), the director of the laboratory malice pole, Hervé le Coq and Ibrahim Daoudi, a computer engineer also noted that the security level of digital locks has increased significantly since 2016. The institution officially recognizes that the lock meeting the A2P standard are quite resistant they can offer their user adequate protection. At the moment, I do not know how to pronounce on those that meet the standard A2P@, whereas the first locks that worked with this protocol received only one star out of 3. "This corresponds to a level 1 attacker, a "kiddie scrip[un débutant]t" who, to schematize, reproduces break-in tutorials spotted on YouTube. We have not yet tested a lock that deserves a second star, and would therefore be able to resist a computer scientist with little hacking knowledge. Even less to a level three attacker, a malicious cybersecurity expert. Furthermore, "it is not completely impossible that one day we will remove the digital certificate A2P@ to a connected lock, if a significant weakness is identified. ». Noted the head of the CNPP. Because in practice, it is totally impossible for computer security experts to predict all security vulnerabilities without being confronted directly by an attack.
As such, there is always a vulnerability regardless of the security means deployed."One thing you can't plan for is the new computer flaws, the zero-days. They can introduce a weakness that the designer never considered, he or the potential subcontractors who help him by testing the safety of the device before its release. Anthony Rose explained.
Now access an unlimited number of passwords: