Intelligent door lock security vulnerability exposed: with just a piece of film, anyone can open your "home"


2018-04-16 10:25:19

The intelligent door lock is regarded by the industry as the first entry-level product of the smart home. However, the booming market prospects have also made the intelligent lock market a mixed one. Some manufacturers directly copy mobile phone fingerprint identification schemes to smart door locks. As the IT Times reported before, "a variety of cell phones have a fingerprint recognition bug: after a film is applied, anyone can unlock them." When such a scheme, with its hidden loophole in the self-learning function of the image algorithm, is copied to your "home door", the hidden danger of "anyone can unlock it" comes with it. The industry is worried that current mobile phone solutions with fingerprint recognition vulnerabilities are being widely ported to smart door locks.

Samsung, Green Rice easily cracked

A film can break fingerprint unlocking, and a film can also crack a smart door lock.

Suzhou MINDRAY Microelectronics Co. Ltd. told an "IT Times" reporter that, using only a piece of film, they had cracked the high-end Samsung DP808 smart lock, priced at up to 7000 yuan, and the Aqara intelligent door lock produced by Green Rice, a Millet ecological chain enterprise.

In the demonstration, the technician first cleared the system to rule out cheating in advance. After registering a fingerprint, he stuck the prepared film on the door lock and unlocked it several times with the registered fingerprint. After that, the intelligent lock was successfully unlocked with other fingerprints. The procedure differs little from the earlier cracking of Android handset fingerprints.

Even worse, the film is not made with special materials or technologies. MINDRAY micro chairman Li Yangyuan revealed that the film is conductive tape with a conductive pattern. "There is almost no threshold for making a conductive pattern; a few of the simplest conductive strokes are enough to form one."

The reason behind this was analysed by Liu Jun, founder of the fingerprint lock algorithm firm Shanghai Zheng Zheng. It is very likely that these chips mix the traditional fingerprint feature point algorithm with an image algorithm, with the latter as the main basis for judgement. Because a self-learning function exists, when tape with a conductive pattern partially covers the sensor and the registered finger is pressed a few times, the fingerprint sensor "learns" the image containing the tape's pattern. After that, any finger that triggers the capture of an image containing the tape can unlock.

"This is an error in the algorithm's decision. When two fingerprint patterns are only partially similar and the rest is different, they should be rejected," Liu Jun said.

At present, opinions on intelligent locks differ, and the only mandatory standard is the mechanical lock standard "GA/T 73-2015", which clearly states that mechanical locks in China are divided into three grades, A, B and C, with the difference between grades being the time needed to open them. In Li Yangyuan's demonstration, placing the film and cracking the lock took only dozens of seconds. That corresponds to the A-level lock, which has the lowest safety coefficient, and the corresponding "one" locks and cross locks have already been eliminated.
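The self-learning flaw Liu Jun analyses above, and his rule that a capture agreeing only partially with the template should be rejected, can be seen in a toy simulation. This is an added example, not code from the article or from any vendor's firmware; the patch model, the thresholds and all names are assumptions made for illustration.

```python
# Toy model (constructed): a capture is a list of N sensor patch values.
N = 64
TAPE = set(range(0, N, 2))  # assumed: the taped pattern covers half the sensor

def finger(seed):
    """Constructed 'fingerprint'; fingers 1 and 2 differ in every patch."""
    return [(seed * 31 + i * 7) % 251 for i in range(N)]

def capture(f, taped=False):
    """What the sensor sees; taped patches show the tape pattern (255)."""
    return [255 if taped and i in TAPE else v for i, v in enumerate(f)]

def similarity(a, b):
    """Fraction of patches on which two captures agree."""
    return sum(x == y for x, y in zip(a, b)) / N

class Lock:
    def __init__(self, accept, learn):
        self.accept, self.learn, self.templates = accept, learn, []

    def enroll(self, img):
        self.templates = [img]

    def unlock(self, img):
        best = max(similarity(img, t) for t in self.templates)
        if best < self.accept:
            return False              # too much of the image differs
        if best >= self.learn and img not in self.templates:
            self.templates.append(img)  # self-learning: keep the capture
        return True

def run(lock):
    owner, stranger = finger(1), finger(2)
    lock.enroll(capture(owner))
    for _ in range(3):                # owner unlocks while the tape is on
        lock.unlock(capture(owner, taped=True))
    return {
        "owner": lock.unlock(capture(owner)),
        "stranger_bare": lock.unlock(capture(stranger)),
        "stranger_taped": lock.unlock(capture(stranger, taped=True)),
    }

# Partial matches accepted and learned: the taped image becomes a template.
weak = run(Lock(accept=0.4, learn=0.4))
# Partial agreement rejected, so the taped image is never learned.
strict = run(Lock(accept=0.9, learn=0.95))
```

In this model the weak lock opens for the stranger only when the tape is present, because the learned template matches on the taped half alone; the strict lock never learns the taped capture and still opens for the owner.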

Unlike a private mobile phone, a smart lock, as the first hurdle of home security, is completely exposed: anyone, including criminals, can reach it at any time and stick on a thin film, and achieve the crack without the user being aware. Li Yangyuan said, "The security of the lock is about the safety of the person's personal property. Even one percent of the probability of being cracked is a major security risk."

To understand the deeper reason, Li Yangyuan dismantled the Aqara smart lock and discovered that the algorithm chip comes from Hangzhou Shengyuan data security technology Limited by Share Ltd, model AS608. On Shengyuan's official page, the AS608 is clearly described as having a self-learning function and a high recognition pass rate.

Shengyuan replied that it has no direct business dealings with Green Rice, that the details of the video need to be verified, and that it has already taken corresponding measures to solve the vulnerability issues seen in the mobile phone industry. Green Rice said that the video was deliberately staged by its maker and is seriously inconsistent with the facts; that, because of the company's trade secrets, the chip and image recognition algorithm used in the Aqara intelligent door lock cannot be disclosed for now; and that the lock has passed testing by the "Ministry of public security and police electronic products quality inspection center", fully meets the corresponding national standards, and conforms to the corresponding industry standards for mechanical anti-theft locks, fingerprint anti-theft locks and password locks.

Li Yangyuan, for his part, told the "IT Times" reporter that the method of cracking the Green Rice fingerprint lock is comparable to the "orange skin" unlocking of mobile phone fingerprint locks shown on CCTV, as is the risk level of the security vulnerability: "I am willing to break the company and MINDRAY micro green meter display video real fingerprint lock the level of risk and vulnerability for judgment."

As of press time, Samsung officials had not responded.

Unlocking quickly is not necessarily a good thing

According to data and forecasts from the national lock industry information center, China's intelligent lock market is expanding rapidly. From only 3 million sets in 2016, the intelligent lock market capacity doubled in 2017, with the scale exceeding 10 billion yuan. Demand in China's intelligent lock market in 2018 is put at 13 million units, expected growth of more than 60% compared with 2017, and the size of the market may be close to 20 billion yuan.

The huge market has prompted many enterprises to cross over into the intelligent lock market: BYD, Midea, ZTE, SKYWORTH, Hui Ding and so on. Appliance, hardware, communications and mobile phone companies are all trying to get a slice of the market. In early April this year, at the Hammer mobile phone conference, Hammer technology, Advantages of Science and Technology and Luo Yonghao jointly launched a variety of fingerprint locks. Li Yangyuan's analysis is that some new brands do not have the knowledge and experience of security products, and optimistically reuse the supply chain of mobile phones.

The deeper reason, Liu Jun believes, is related to the price war. According to the statistics of relevant departments, the price of mainstream intelligent locks has fallen from over 3000 yuan in the previous two years to 1500 - 2500 yuan. "Some enterprises set off the price war after entering the lock market, and the price of our goods fell 20% last year. Therefore, some manufacturers will choose cheaper 160X160 small area sensors; because the area is limited, they are not very suitable for fingerprint structure feature point comparison. Many manufacturers combine the algorithm with high rate and good experience," Liu Jun said.

Samsung and Green Rice represent two different kinds of lock manufacturer: the former is a traditional lock enterprise, the latter a new-generation lock enterprise. Both have the same problem, and the industry believes this is at least a warning signal for the industry: many manufacturers are porting fingerprint identification schemes with mobile phone vulnerabilities to smart fingerprint locks.

This development trend has made people in the industry very worried. "We found that even using the same vendor's fingerprint identification algorithm chip, the vulnerabilities of different door lock brands carry different risks. So, smart lock makers are likely to give up security in order to pursue the so-called 'use experience'," Li Yangyuan added. Consumers may think such a door lock is very good, quick and convenient to unlock, and so choose to buy it, while being totally ignorant of the hidden danger.

What consumers face is that some vulnerabilities can be fixed through a background upgrade, while others are at the hardware level and require servicing the lock: removing it, upgrading the firmware and installing it back. People in the industry said that such a "recall" carries a very high cost for enterprises and is almost impossible to achieve, so the intelligent lock becomes a "one hammer sale" (a one-off deal).

Li Yangyuan appealed to the relevant market supervision and management departments to carry out cross-industry supervision of technology middleware, and in particular to set up mandatory middleware technology standards, such as for encryption chips, and to guard against "bad money drives out good money".