Fraunhofer researchers hack Bluetooth locks from Tapplock

The scientists had built an attack tool from potato chip cans and commercially available mini-computers
(c) Fraunhofer SIT

A homemade directional antenna made of potato chip cans and two commercially available mini-computers are enough to hack Bluetooth locks made by the US manufacturer Tapplock in seconds, as proven by researchers at the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt. The manufacturer was informed about the vulnerabilities and has since fixed them in one of its models.

Cumbersome rummaging around for the bike lock or locker key is no longer necessary with a modern Bluetooth lock: You simply close the lock using your fingerprint or via an app on your smartphone, which is connected to the lock via Bluetooth Low Energy (BLE). But even these locks can be picked, as a group of scientists from Fraunhofer SIT has now discovered. They examined two Bluetooth locks from the manufacturer Tapplock, namely Tapplock ONE and Tapplock ONE+, and found two serious security vulnerabilities in both models. These objects allow attacks that can completely undermine the security mechanisms of the locks without leaving any traces of intrusion. Both attacks can be carried out with minimal technical and financial resources. An attack tool was used for this purpose, which the scientists had built from potato chip cans and commercially available mini-computers (Raspberry Pi), among other things.

Attack with directional radio antenna from chip cans

The first attack scenario uses a man-in-the-middle attack: Here, the attacker switches into the Bluetooth connection established between the lock and the attack victim’s smartphone while locking his lock. Thus, the data that is normally exchanged directly between the lock and the smartphone also passes through the attacker. Once the owner has left, the attacker maintains the connection to the lock and simply resends the communication data that had been just sent to the lock, which is necessary to open and close the lock. The lock opens and the attacker has achieved his goal.

Replay attack picks the lock in under a minute

The second vulnerability found can be exploited via a so-called replay attack. To do this, it is necessary to record the locking process once, using a challenge-response method, for example, with the self-made attack tool. This time, the attacker no longer needs a constant connection to the lock, but simply waits until he has free access to the lock and launches any number of queries to the lock. This is possible because the lock did not have any blocking or delay built in even with many queries. It takes about 30 to 60 seconds for the previously recorded challenge to repeat. With the recorded response, it is now possible to open the lock any number of times without the rightful owner noticing.

The Fraunhofer SIT researchers reported these vulnerabilites to the manufacturer Tapplock as part of the responsible disclosure process. The manufacturer has closed the vulnerabilities in the Tapplock One+ model, but the Tapplock One model did not receive an update.

Wissenschaftliche Ansprechpartner:

Prof. Dr. Christoph Krauß

Weitere Informationen:

https://www.sit.fraunhofer.de/fileadmin/dokumente/artikel/FraunhoferSIT_Whitepap…

Media Contact

MA Oliver Küch Presse- und Öffentlichkeitsarbeit
Fraunhofer-Institut für Sichere Informationstechnologie SIT

All latest news from the category: Information Technology

Here you can find a summary of innovations in the fields of information and data processing and up-to-date developments on IT equipment and hardware.

This area covers topics such as IT services, IT architectures, IT management and telecommunications.

Back to home

Comments (0)

Write a comment

Newest articles

Innovative 3D printed scaffolds offer new hope for bone healing

Researchers at the Institute for Bioengineering of Catalonia have developed novel 3D printed PLA-CaP scaffolds that promote blood vessel formation, ensuring better healing and regeneration of bone tissue. Bone is…

The surprising role of gut infection in Alzheimer’s disease

ASU- and Banner Alzheimer’s Institute-led study implicates link between a common virus and the disease, which travels from the gut to the brain and may be a target for antiviral…

Molecular gardening: New enzymes discovered for protein modification pruning

How deubiquitinases USP53 and USP54 cleave long polyubiquitin chains and how the former is linked to liver disease in children. Deubiquitinases (DUBs) are enzymes used by cells to trim protein…