As our homes become smarter and more connected we come up with new ways of reasoning about our privacy and security. Vendors promise security, but provide little technical information to back up their claims. Further complicating the matter, many of these devices are closed systems which can be difficult to assess. This talk will explore the validity of claims made by one smart lock manufacturer about the security of their product. The entire solution will be deconstructed and examined all the way from web services to the lock itself. By exploiting multiple vulnerabilities Jmaxxz will demonstrate not only how to backdoor a front door, but also how to utilize these same techniques to protect your privacy.
Jmaxxz works as a software engineer for a Fortune 100 company, and is a security researcher for pleasure. His FlashHacker program was featured in Lifehacker’s most popular free downloads of 2010. More recently he has contributed to the node_pcap project which allows interfacing with libpcap from node. His other interests include lock picking and taking things apart.