These gadgets “typically include less powerful Processor cores, cheaper sensors, and do not provide the same level of protection as a smartphone,” according to Kerrison’s assessment. Based on the value of the product or what the sensor is meant to protect, this is usually seen as appropriate. By building a proof-of-concept device that could connect to a smart lock via Wi-Fi and, using an attack or an accessible debug interface, alter the firmware of the lock with instructions to collect and upload fingerprint data, Kerrison was able to demonstrate the issue. Disassembling the lock and utilising onboard debugging pads to attach it directly to the controller would be an alternative.
Consumer smart locks are easily vulnerable, making it easy for attackers to collect specific people’s fingerprint patterns, claims a recent study. This week, research from Singapore’s James Cook University demonstrated how a hacker might use inexpensive hardware and extremely fundamental hacking techniques to stealthily collect fingerprints using the drop lock smart lock cracking technique. Steven Kerrison, an author and senior cybersecurity lecturer, asserts that the hardware limitations of lo T smart locks are to blame for the issue. Smartphones or tablets store fingerprint data and other biometric data inside secure hardware enclaves, in contrast to low-end Internet of Things devices like commercial smart locks, which lack dedicated safe storage.
Anyhow, when engaged within the controller’s range of the attacker, the lock would be able to offer details about the target’s fingerprint, which could then be used to further biometric hardware.