Smart door locks offer sophisticated "access control" features to any home or business. Proximity sensors like Bluetooth and NFC can enable a door to unlock whenever an authorized user's smartphone approaches. Users can also remotely lock and unlock the door, or share access with any number of others, using mobile apps. Physical keypads provide a backup with many locks, but are no longer the main way to let yourself in. The following Channel Guide will help you: Many companies are active in the smart door lock market, including traditional lockmakers as well as startups. Here are some options that are currently available for purchase. "Keep the bad guys out and let the good guys in." Auto lock & auto unlock, no more fumbling for keys. Stop hiding keys under the mat. Create virtual keys for family and guests. Keep tabs on loved ones with instant notifications and 24/7 activity log. Keyless access for Airbnb hosts and guests. "The smartest smart lock ever."
Grant housecleaners, contractors and guests time-limited or recurring access and get notifications when your lock i used and by whom. Virtual keys, time-controlled and recurring access codes The RemoteLock connects to your existing WiFi router. No additional equipment needed! Receive emails or text messages when your guests arrive, or anyone accesses your property. Up to 1000 user codes or guest codes available to store in its memory Integrate with your Airbnb listing in under a minute "We put more in. To keep more out." 30 Access code memory capacity Bluetooth Connectivity - Apple HomeKit support Programmable up to 25 users Installs on standard doors in minutes with just a screwdriver Z-Wave Connectivity *Requires Z-Wave compatible hub Glue Smart Lock (Sweden based) Additional Z-Wave enabled locks The Gate: Gate enhances your deadbolt with a motion-activated camera, keypad, and 2-way audio. Access Control (List of compatible hardware)
ADT Access and Smart Locks Lowes Iris compatible door locks Closed / No Longer Available Smart doorbells add a few additional features to the typical smart lock, like providing streaming video of who's at your door and using facial recognition software to detect authorized users. Here are the options. The Ring Video Doorbell lets you answer the door from anywhere with your smartphone. Connects to your Wi-Fi network and works with iOS and Android... SkyBell is a Wi-Fi video doorbell with video camera, speaker, microphone and motion sensor. See, Hear and Speak with your visitor from iOS and... Chui - Chui is an intelligent doorbell that uses facial recognition to make your home keyless, secure, and individualized. Will include integration capabilities with other connected door locks Arduino Motion detecting video streaming doorbell For owners of commercial and vacation properties, it may be worth investing in more than a standalone smart lock. Access control platforms make it easy to manage multiple locks at multiple locations, each with their own shifting set of users.
Introducing the KISI Access Management Experience. Monitor access logs, share keys with employees, and unlock the door remotely with KISI. "Latch is the first smart access system that works for your apartment, your office, and your home." "The PointCentral keyless smart home system gives you the ability to eliminate the burden and risk associated with mechanical keys and take... ResortLock eliminates many of the hassles of managing a rental property, including managing guest keys, lost keys, early or late check in/outs,... The market for smart door locks is rife with innovation, and many promising gadgets are launched via crowdfunding and pre-order campaigns. If the feature set you need isn't available yet, you may be able to support a project that will deliver it soon. "Friday Smart Lock connects to your phone via Bluetooth or Wi-Fi, giving you the ability to lock or unlock your door as you leave or approach. "Nuki welcomes you home: Thanks to Bluetooth & GPS, Nuki automatically detects when you approach your home and unlocks the door for you.
"Ola: The world’s first keyless and phoneless Bluetooth enabled fingerprint smart lock. The longest battery life." "The Westinghouse Nucli Smart Lock gives you complete control over what happens at your door. Complete with fingerprint recognition, camera, voice... Yale Linus (Nest Integration) Still not sure on the proper connected lock for you? A smoke detector that sends you a text alert when your house is on fire seems like a good idea. An internet-connected door lock with a PIN that can be programmed from your smartphone sounds convenient, too. But when a piece of malware can trigger that fire alarm at four in the morning or unlock your front door for a stranger, your “smart home” suddenly seems pretty dumb. The security research community has been loudly warning for years that the so-called Internet of Things—and particularly networked home appliances—would introduce a deluge of new hackable vulnerabilities into everyday objects. Now one group of researchers at the University of Michigan and Microsoft have published what they call the first in-depth security analysis of one such “smart home” platform that allows anyone to control their home appliances from light bulbs to locks with a PC or smartphone.
They discovered they could pull off disturbing tricks over the internet, from triggering a smoke detector at will to planting a “backdoor” PIN code in a digital lock that offers silent access to your home, all of which they plan to present at the IEEE Symposium on Security and Privacy later this month. “If these apps are controlling non-essential things like window shades, I’d be fine with that. But users need to consider whether they’re giving up control of safety-critical devices,” says Earlence Fernandes, one of the University of Michigan researchers. “The worst case scenario is that an attacker can enter your home at any time he wants, completely nullifying the idea of a lock.” The Microsoft and Michigan researchers focused their testing on Samsung’s SmartThings platform, a networked home system that’s in hundreds of thousands of homes, judging by Google’s count of downloads of its Android app alone. What they found allowed them to develop four attacks against the SmartThings system, taking advantage of design flaws that include badly controlled limitations of apps’ access to the features of connected devices, and an authentication system that would let a hacker impersonate a legitimate user logged into the SmartThings cloud platform.
In the most severe of their proof-of-concept attacks, the researchers found they could exploit SmartThings’ flawed implementation of a common authentication protocol known as OAuth. The researchers analyzed an Android app designed to control SmartThings services, and found a certain code—meant to be secret—that let them take advantage of a flaw in the SmartThings web server known as an “open redirect.” (The researchers declined to name that Android app to avoid helping real hackers replicate the attack.) The researchers exploit that inconspicuous bug to pull off an intrusion worse than merely picking a lock: it plants a backdoor in your front door. First they trick a smart-home-owning victim into clicking on a link, perhaps with a phishing email purporting to come from SmartThings support. That carefully crafted URL would take the victim to the actual SmartThings HTTPS website, where the person logs in with no apparent sign of foul play. But due to the hidden redirect in the URL, the victim’s login tokens are sent to the attacker (in this case the researchers), allowing them to log into the cloud-based controls for the door lock app and add a new four digit PIN to the lock unbeknownst to the home owner, as shown in this video, sabotaging a Schlage electronic lock
That malicious link could even be broadcast widely to SmartThings victims to plant secret backdoor codes in the locks of any SmartThings owner who clicked it, says Atul Prakash, a University of Michigan computer science professor who worked on the study. “It’s definitely possible to do an attack on a large number of users just by getting them to click on these links on a help forum or in emails,” says Prakash. “Once you have that, whoever clicks and signs on, we’ll have the credentials required to control their smart app.” The researchers admit that the other three of their four demonstration attacks require a more involved level of trickery: The attackers would have to convince their victim to download a piece of malware disguised as an app in Samsung SmartThing’s dedicated app store that would appear to simply monitor the battery charge of various devices on a SmartThings home network. The challenge there would be not just in getting someone to download the app but in smuggling an evil app into the SmartThings app store in the first place, a step the researchers didn’t actually attempt for fear of legal repercussions or compromising real peoples’ homes.
Due to what they describe as a design flaw in SmartThings’ system of privileges for apps, however, such a battery monitor app would actually have far greater access to those devices than SmartThings intended. With it installed, the researchers have demonstrated that an attacker could disable “vacation mode”—a setting designed to periodically turn lights on and off to make the owner appear to be at home—set off a smoke detector, or steal the PIN from the victim’s door lock and send it via text message to the attacker. Here’s a video demo of that PIN-stealing attack in action: In a statement, a SmartThings spokesperson said that the company had been working with the researchers for weeks “on ways that we can continue to make the smart home more secure,” but nonetheless downplayed the severity of their attacks. “The potential vulnerabilities disclosed in the report are primarily dependent on two scenarios – the installation of a malicious SmartApp or the failure of third party developers to follow SmartThings guidelines on how to keep their code secure,” the SmartThings statement reads.
The company, in other words, blames the authentication vulnerability that allowed the addition of a secret lock PIN on the Android app the researchers reverse-engineered to pull off their redirect attack. “Regarding the malicious SmartApps described, these have not and would not ever impact our customers because of the certification and code review processes SmartThings has in place to ensure malicious SmartApps are not approved for publication. To further improve our SmartApp approval processes and ensure that the potential vulnerabilities described continue not to affect our customers, we have added additional security review requirements for the publication of any SmartApp.” The researchers say, however, that their attacks would still work today as well as they did when they first approached SmartThings; neither the Android app they reverse engineered to exploit the SmartThings authentication flaw nor the privilege overreach flaw itself has been fixed. And they argue that it would be tough for Samsung’s SmartThings app reviewers to detect the sort of malware they created.
None of the battery-monitoring app’s malicious commands were actually apparent in its code, they say, and could instead be injected from the server that controls the app when it’s past that code review and running on the victim’s device. They analyzed 499 SmartThings and found that more than half of them had at least some level of privilege they considered overbroad, and that 68 actually used capabilities they weren’t meant to possess. “The code is set up so we can very nicely push in the malicious stuff,” says Fernandes. “But you’d have to explicitly be looking for that.” As evidence that SmartThings owners would actually install their malware, they performed a survey of 22 people using SmartThings devices and found that 77 percent of them would be interested in that battery monitor app. The researchers argue that the more fundamental issue in SmartThings’ platform is “overprivilege.” Just as smartphone apps must ask a user’s permission for access to his or her location, a SmartThings app that’s meant to check a lock’s battery shouldn’t be able to steal its PIN or set off a fire alarm, they argue.