The Internet of Everything is the general trend of the times. It is undeniable that the Internet has brought great convenience to life, but last year 315 exposed the hidden dangers of smart homes, which really caused a wave of panic in the society. For smart home products, the general public is still most concerned about safety. problem.
When it comes to security, the most sensitive smart home product is undoubtedly the smart lock. It is not only a hardware product, but also represents an indescribable sense of security. There are hackers and BUGs on the Internet, and any product networking has hidden security risks of being attacked by the network. So what are the common security risks in smart door lock networking?
At present, the common "interconnected smart door locks" have hidden safety hazards mainly in the following two aspects:
First, there is a risk of the door opening data command being stolen.
A major feature of the smart door lock is to replace the traditional mechanical key with an electronic key, and the instruction to open the door is a string of electronic keys. Some smart lock manufacturers that do not have the technical strength do not even encrypt the command data for opening the door, or simply borrow the encrypted channel of Bluetooth itself. These practices are not advisable. Command data can be easily stolen, posing security risks to users. Whether it has a sufficiently high-level encryption algorithm and strict security strategy is one of the hard indicators to distinguish the strength of smart lock manufacturers.
Second, the server is attacked leading to the risk of key leakage.
The keys of some smart lock manufacturers are stored on the server. Once the server is attacked, there is a risk of data leakage. On the other hand, there is also a risk of guarding theft.
Smart lock manufacturers can choose not to store the user's key security mechanism on their own server, and neither company insiders nor hackers can obtain the key to open the door lock. Of course, such manufacturers must be able to solve a series of problems caused by users forgetting their passwords and losing their mobile phones in a closed loop. Solving these problems is more complicated. Therefore, users need to be reminded that they cannot simply trust the security of the smart door locks advertised by the manufacturers. To achieve a complete security strategy, a large number of technical means are needed to ensure the manufacturer's technical strength is still very important.
On the other hand, once these key technologies are solved, the security of smart door locks will be a qualitative leap from traditional door locks, which is an improvement of several orders of magnitude (the difficulty of cracking increases by 10 to the power of N, and the security is increased by several thousand times. ).
Regarding the safety of smart locks, two unsafe concepts that users need to understand?
1. Remote unlock
In order to solve the problem of not bringing the key and sending the key, some smart lock manufacturers have designed a remote unlocking function. However, as long as the door lock has the remote unlocking function, there is a security risk of being attacked by hackers. Although the security risk can be achieved theoretically, no software is completely free of loopholes so far. Once the hacker attack with this mechanism is successful, all the installed door locks may be opened remotely, which poses a huge security risk. Moreover, the risks taken by a hacker sitting at home and remotely opening the door lock and a thief with tools to pry the door are completely different, which makes it more convenient for the "educated" bad guys.
2. Online password
Sending a password remotely is another solution for smart lock manufacturers to solve the problem of not bringing the key and sending the key. However, using the "online password" mechanism to send passwords has inherent security risks equivalent to "remote unlocking". Once the server of the door lock manufacturer is controlled by an attacker, all door locks can be set to the simplest and consistent password, such as "123456", which is permanently valid, is synchronized with the door lock in real time through an online mechanism, so that all installed door locks can be opened with this universal password.
However, smart locks in some occasions must adopt this strategy, and smart lock manufacturers need to open the smart lock. Some bicycle smart locks may adopt this strategy. Although the security properties of this smart lock are not high, it will only affect it if it is cracked. As far as the bicycle itself is concerned, it is difficult to involve the user’s property and personal safety, but if it is used in a personal family, safety considerations are not enough.
The "remote unlocking" function and the "online password" mechanism inherently still have a lot of security risks.
So is there a safe solution to the pain point of "no key, send the key"?
The answer is of course yes. The problem of sending the key can be solved with the one-time password function. The so-called one-time password means that when a friend arrives at the door, the owner can send a one-time password via SMS via APP. This password will automatically become invalid after being entered once, and it is generally time-limited. Of course, the above-mentioned one-time password must be an "offline password", that is, this password can be implemented when the door lock is not connected to the Internet.
The implementation mechanism of the "offline password" technology path is that when the door lock is registered, the door lock and the APP/server system will negotiate an algorithm seed and the corresponding algorithm, and then at any time, if the password is to be used, the lock and APP/server The system will calculate according to the algorithm seed and algorithm negotiated during registration, so even when the lock is not connected to the Internet, you can send the one-time password to the other party through the APP. Conversely, if the door lock is also connected to the Internet when sending a password, it can only be called an "online password".
The security of the door lock interconnection is completely achievable, and the security is not based on the user's cognition, but mainly depends on the security strategy selection of the smart lock manufacturer. Whether there is enough technical strength to provide absolutely safe services will become one of the core thresholds for future smart lock and smart home manufacturers to compete. It is a choice to be a responsible company.
Insulation Paper,Electrical Insulation Paper,Paper Backed Insulation,Recycled Paper Insulation
Longkou Libo Insulating Material Co.,Ltd. , https://www.sdliboinsulation.com