A smart padlock, 360lock, based on the Ethereum blockchain, was cracked with a simple Bluetooth attack and a 1 kg hammer. The experiment conducted by researchers from Pen Test Partners.
\n
The lock’s designers advertised it as \”fully tamper-proof,\” thanks to the blockchain integration and \”advanced cryptographic codes.\”
\n
\n
Locking and unlocking the lock occur through an app that transmits data over Bluetooth Low Energy, rather than via a physical key or keypad.
\n
Pen Test Partners researcher David Lodge recorded a successful Bluetooth unlock sequence and then reproduced it successfully.
\n
\n
This shows that the lock is vulnerable to replay attacks.
\n
The lock housing is made from a zinc-based alloy used in a range of items from zippers to rifle stocks and inexpensive jewelry.
\n
The researcher needed just one hammer blow to break the lock.
\n
\n
Undoing four screws gave him access to the plug held in place by silicone sealant.
\n
\n
David Lodge noted that all of these weaknesses would have been revealed by a simple security check.
\n
In 2019, an engineer was able to unlock the \”smart\” Pineworld lock. He also physically unlocked the device by drilling a small hole in the housing.
\n
Earlier, ForkLog spoke with CSO Ledger Charles Guillaume about methods to hack hardware wallets Trezor, HTC Exodus and Ledger.
\n
Subscribe to ForkLog news on Telegram: ForkLog Feed — the full news feed, ForkLog — the most important news and polls.