Researchers Remotely Hacked U-Tech Smart Locks; No Other Brands Affected

How-To Geek

By Josh Hendrickson

Published Aug 6, 2020

If you own a U-Tec UltraLoq smart lock, it's time to update. Researchers discovered a method to remotely unlock your door with little more than a Mac address.

You may have seen that researchers discovered a hack to open smart locks with just a Mac Address. The good news is, only one smart lock brand, U-Tec, had the problem. And even better, it's patched. Update your smart locks now if you own an UltraLoq smart lock.

Recently, researchers discovered that with some relatively simple (though technical) tools, they could remotely unlock U-Tech UltraLoq smart locks with just a MAC address. Obtaining all the information to hack the door wasn't difficult, because the lock itself broadcasted the data. Thankfully the company already implemented a fix.

Smart locks are a convenient addition to your home and can help you with security. In addition to unlocking and locking your home remotely or without digging out a key, you can turn on timers and routines to ensure the door is locked when you leave or overnight. But adding a radio to any face of your home does ultimately introduce a vulnerability.

In the case of smart locks, that's a negligible risk, as all locks are already vulnerable to lockpicking. As demonstrated time and time again on YouTube, it's probably easier and cheaper to learn to pick locks than to learn to hack IOT devices.

Still, that doesn't let smart lockers off the hook, any security-focused devices, like a lock, should be secure in every way possible. Unfortunately for U-Tec, which makes the UltraLoq smart lock, researchers at Tripwire discovered some gaping holes in the company's security. The researchers looked for MQTT vulnerabilities and found some in the UltraLoq setup.

MQTT is a system many IOT manufacturers use to broadcast messages between devices. Tripwire researchers use thermostats and HVAC systems as an example. MQTT allows the thermostats in different rooms to broadcast temperature info about the room and the HVAC system to "subscribe" and react appropriately.

In the case of UltraLoq smart locks, that system is in use between the smart lock and a Bluetooth-paired Wi-fi bridge. That's a standard system used in smart locks to add remote capability while keeping the lock small and compact.

With some searching, researchers discovered UltraLocs broadcasting information to the internet containing email addresses and other data. A closer look at the lock yielded a method to scrape the lock's Mac address, IP address and more. That's enough information to identify individuals, and even remotely unlock a door.

The good news is, Tripwire responsibly disclosed the problem to U-Tec and gave plenty of detail about the issue. At first, U-Tec's patches didn't solve the problem, but Tripwire continued to provide feedback. Eventually, U-Tec got it right, and now Tripwire is publically disclosing the information.

Every smart home device you introduce to your home is a new source of vulnerability. That's something to keep in mind if you're considering adding anything internet-connected in your home. But responsible manufacturers will patch discovered vulnerabilities, so if you do have smart home devices, the most important thing to do is keep them updated.

Source: Tripwire