
Grand Theft House: RF Lock Pick Tool to Unlock Smart Door Lock

Conference: Black Hat Asia 2023

2023-05-11

Authors: Seungjoon Lee, Kwonyoup Kim, Seokhie Hong


Abstract

Recently, many people have installed smart door locks in their homes and offices, as a way to maximize convenience and security. The wireless link provides a simple and convenient connection to the doorlock from anywhere in the IoT-covered area. As RF wireless technology makes our lives more convenient, there have been a lot of security threats and the resulting enhancement in the past decade. The threats remain clearly unresolved due to the vendor's lack of insight into the proprietary RF protocol security.

We will provide an in-depth analysis of the implementation of smart door locks and their vulnerabilities on secure rolling code algorithms which use advanced encryption standard (AES) and its cipher-based message for RF transmitter authentication. Our study followed more than 20 different models from 10 different popular vendors and found the almighty key attack was possible in the models. This means we can just walk into a house and open any door lock that's the same model as the one we cracked.

We will demonstrate a live hack with the tool we call RF lock picking. The device we created can open any house door for about $20. We will cover the RF device reverse engineering process where hackers can figure out security functionalities, analyze RF signals, make sniffer receivers for decoding and decipher the message. We will also discuss techniques for mitigation issues from the vendor's point of view and propose the direction of one-way RF link authentication.
