A Chinese consumer rights watchdog claimed there are security risks in several commercially available smart locks. How should businesses respond?
- On 5 May, a report released by Chinese state-affiliated consumer rights watchdog the China Consumers Association (CCA) claimed there are security risks in a number of commercially available smart locks.
- Models that fared poorly in the tests included smart locks manufactured by companies such as Panasonic, Samsung, and TCL.
- Businesses and staff should ensure they use smart locks that meet the country’s legal requirements.
- Smart lock manufacturers should ensure they address issues identified in the report.
- Insurance firms should be aware of the results when offering coverage for users of such devices.
- Smart locks use a wireless protocol to lock and unlock doors and are being increasingly adopted, primarily among private consumers but also among businesses.
- Market research indicates that China is a key market for smart lock adoption. One estimate in a 2017 white paper by 199IT, a Chinese internet research firm, says that China’s smart lock market is worth RMB195 billion (USD28.8 billion); Chinese manufacturers sold approximately 21 million units in 2018, according to state broadcaster China Central Television.
- According to the CCA test results, more than 48 per cent of password-activated locks, 50 per cent of fingerprint-activated locks, and almost 86 per cent of locks activated by microchip-embedded cards had considerable security risks. The CCA tested 29 models, including the AQara ZNMS12LM, the VOC T77F, and the HSPR HZ-9001.
- Researchers were able to use commonly found tools such as a screwdriver, a pair of tweezers, or a hammer, to break into numerous models, with some locks opening after only a minute. The lock that took the longest to crack was a model produced by Chinese company Loock, needing almost 21 minutes.
- Only around half of the locks triggered an alarm sound when subjected to external force, thus failing to meet Chinese legal standards.
- An investigation in January by the State Administration for Market Regulation (SAMR), China’s market watchdog, found that an estimated 15 per cent of the top 40 smart locks could be compromised, mostly by devices emitting electromagnetic impulses; some facial-recognition locks were unlocked using photographs.
- Smart lock manufacturers should ensure they address issues outlined in the report, including vulnerability to physical tampering with common household tools.
- Insurance firms should factor security concerns surrounding smart locks into their risk assessments.
- Businesses and staff should review their smart lock usage in view of the report, and consider alternatives where deemed appropriate.