Interconnection of all things is the trend of the times. Admittedly, Internet brings great convenience to life, but after the last 315 exposure security intelligence Home Furnishing, in the society has caused a wave of panic, the intelligent Home Furnishing products, the general public is still concerned about security issues.
Security analysis of intelligent door lock network
When it comes to security issues, the most sensitive smart home products is undoubtedly intelligent lock. It is not only a hardware product, but also represents a kind of silent security. Internet hackers, BUG, any product network security risks are being attacked by the network. So what are the security lock network common security risks?
At present the common intelligent door locks, security risks are mainly in the following two areas:
First, open the data command was stolen risk.
One of the main features of the intelligent door lock is to replace the traditional mechanical key with the electronic key. A part of intelligent do not have the technical strength of the lock manufacturers, and even open the door of the command data are not encrypted, or simply borrow the Bluetooth encryption channel itself, this approach is not desirable, instruction data is easy to be stolen, causing a security risk to the user. Whether there is a sufficiently high level of encryption algorithms and strict security policy is one of the hard indicators to distinguish the strength of intelligent lock manufacturers.
Second, the server was attacked resulting in the risk of key leakage.
Some manufacturers of intelligent lock key is stored on the server, once the server is attacked, there is a data breach risk, on the other hand there are risks of embezzlement.
Smart lock manufacturers can choose not to store the user's key security mechanism on their own servers, whether it is the company insiders or hackers, can not get the key to unlock the door. Of course, this requires manufacturers must be able to close the door to solve the user forgot the password, lost a series of problems caused by mobile phones, etc., to solve these problems is more complex. The need to remind the user, not simply believe that the safety of intelligent door manufacturers propaganda, to achieve security strategy, behind also needs a large number of technical means to ensure that technical strength of manufacturers is very important.
Conversely, once the key technology to solve the security, smart locks, relatively traditional locks will have a qualitative leap, is several orders of magnitude improvement (10 increase the difficulty of crack of N times, enhance the safety of thousands of times).
On the security of smart locks, users need to understand the two concepts of insecurity?
1, remote lock
In order to solve the problem without the key, the key to send, a number of intelligent lock manufacturers designed remote unlock function. But as long as the door lock with remote lock function, there are security risks by hackers, although the theory can be done without risk, but so far, no software is completely no loophole. This mechanism, once the success of the hacker attacks, all installed locks are likely to be remotely opened, a huge security risk. But hackers sitting at home to open the door and the thief from the remote with tools to breaking, the risk is completely different, more convenient "culture".
2, online password
Remote send password is a solution to the problem of intelligent lock manufacturers without keys, keys. But the use of "online password" mechanism to send the password, there are security risks and "remote lock" is essentially lock manufacturers once server controlled by the attacker, you can put all the locks are set to the most simple password, such as "123456", and has a permanent effect, real-time synchronization through online mechanism with lock so, all installed door can be opened with the common password.
But on some occasions the intelligent lock must adopt the strategy by the intelligent lock manufacturers open intelligent lock, bicycle intelligent lock may adopt this strategy, although the security properties of this intelligent lock is not high, only to be cracked will affect the bicycle itself, it is difficult to relate to the user's property and personal safety, but if you use personal family, safety is not enough.
Remote unlock function and online password mechanism in essence there are still a lot of security risks.
So for the "no keys, send keys" this pain points have no safe solution?
The answer is, of course, there are. Send the key problem can be solved with a one-time password function. The so-called one-time password refers to when a friend to the door, the owner can send a one-time password via SMS APP, this password is automatically invalid once the input, and are generally limitation. Of course, the one-time password must be offline password, that is, when the password can not be achieved when the door lock.
"The realization mechanism of technology path offline password", is registered in the door, will be a good negotiation algorithm and the corresponding algorithm seed locks and APP/ server system, then at any time, if you want to use the password lock and APP/ server system are calculated according to the registration negotiation algorithm and algorithm of good seed, so even if the lock is not connected to the Internet, can also use a APP to send a one-time password. Conversely, if you send a password, you need to lock the door is networking, it can only be called online password".
The security of the door lock interconnection can be done completely, the security is not the user's cognition, mainly depends on the security policy choice of the intelligent lock manufacturers. There is not enough technology.