Appsec EU Training

Smart lockpicking - hands-on exploiting software flaws in IoT

Belfast

Appsec EU

There is no doubt electronic locks are among the most profitable smart devices to attack. And yet recent disclosures of multiple vulnerabilities clearly show there are not enough specialists able to help with software-related issues to so-far mostly hardware vendors. This course is intended to fill this skills gap. Based on hands-on exercises with real devices (we will have fun hacking a dozen various smart locks), you will learn how to analyse their security and design them properly.

HackInTheBox Amsterdam

Blue Picking: Hacking Bluetooth Smart Locks (2h workshop)

Amsterdam

HITB Conference

Recently it seems our home/car/bicycle locks have started to follow a new trend: to include a BLE chip inside to make them “smart”. Unlike smart toothbrushes, socks or kettles, locks guard our safety, and their security should be much more of a concern. Vendors promise “military-grade level of security”, “128-bit encryption” and “cryptographic key exchange protocol” using “latest PKI technology”. However, recent disclosures of multiple vulnerabilities in smart locks clearly contradict the assurances on the actual security provided, and raise the question of whether these devices have passed any independent security assessments at all!