How UniKey Defeated the Defcon Hack

“A recent investigation at DEFCON showed that most smart locks are easy to hack into, but Kwikset’s Kevo was one of few locks that only succumbed to a few hard blows from a screwdriver, as opposed to a software hack.” -Techcrunch

The Security Problem

The software and sensors we integrate into a door, window, or car lock today impact the end user of tomorrow. While a connected washer or refrigerator pose security and privacy concerns, their physical failures generally only cause inconvenience or a costly repair bill.

The same cannot be said of a door lock or commercial access control reader. While they, too, hold the capacity to put security and privacy at risk, their failures directly impact end users’ physical security and wellbeing. A burglar, malcontented ex-employee, or other individual can enter the premises and wreak havoc.

Due to these concerns, security by design (SbD), in all its aspects, becomes paramount. The principles tend to govern the digital world, but, as in UniKey’s case, they often affect the physical one, too.

The Integration Challenge

Connected devices aren’t meant to run in isolation. Rather, they connect to a hub to create an ecosystem of products that streamline day-to-day processes and make life easier. The premise sounds great, but it disintegrates if one of the devices proves to be vulnerable to hacking. Like a virus or a stack of dominoes, if one device succumbs to a threat, so does another. Eventually, the entire ecosystem falls to the initial exploit.

Security (and privacy) by design offers a solution: every product connected to the Internet must employ leading security standards, and its developers must adhere to best-in-class security practices and methodologies from the get-go. UniKey embraces both facets, explaining why it took a screwdriver to put the Kwikset Kevo lock “at risk” during Defcon 2016.

The Data Question

Unlocking and unleashing data tends to be the primary goal for end users and IoT products. It occurs on the small scale—think FitBit and Apple Watch—as well as the large one. With sensors integrated into utilities, electric and water providers better understand usage and seasonal trends, which allows them to more quickly respond to customer needs.

Again, great premise. And again, the same solution: security by design. Companies need to secure data, as evidenced by Federal Trade Commission (FTC) Chairwoman Edith Ramirez’ keynote at the 2015 Consumer Electronics Show (CES).

Ramirez asked OEMs, developers, and other parties working in IoT to embrace security by design then, and her appeal continues to ring out today. Companies must embrace the highest levels of encryption and layer in security from end to end. Many, including UniKey, do because, by protecting data, applications, and devices, they safeguard the people who use them.

The People Element

Security by design says little about people, even though they are the ones using connected devices and gadgets on a daily basis. As such, they should be viewed as a critical component. No company gets into the IoT business to sell products to robots, even if said product is designed for machine-to-machine (M2M) interactions. Companies sell to people, and people use the products, including the ones employing M2M.

Some companies offer basic security training and education, which is good and hugely beneficial. Their customers should know and implement security practices that protect the digital and physical perimeter. However, the companies remain reliant upon human end users remembering and following security practices every minute of every day.

UniKey suggests a different answer: simplicity. By first securing the application that powers an unlock/lock mechanism, the burden on the device and the person using it lowers. Security becomes seamless and convenient because the end user thinks no more of it than they do about locking the door or closing the garage as they head out for the day.

The simplicity reveals, as it did at Defcon, that the only way to hack a UniKey-integrated product is to take a screwdriver to it. At UniKey, security and privacy always come first because they benefit OEM partners, property managers, and other individuals. The two facets—i.e., the components of a security by design mindset—help them create products and experiences that both enrich and protect their customers’ lives.

Want to learn more about UniKey’s technology? Contact us today.