Kwikset makes an incredibly popular line of reprogrammable locks that can be easily re-keyed, meaning that landlords don’t have to physically change the locks when their tenants move out. Kwikset boasts that their locks are extremely secure, but Marc Weber Tobias and Toby Bluzmanis will present six Kwikset vulnerabilities at DEFCON; their demo includes an attack that opens the lock “in 15 seconds with a screwdriver and a paper clip.” Tobias and Bluzmanis have spoken to Kwikset technicians about this, and in recorded conversations, the Kwikset employees insisted that the product was secure, something that can’t be taken seriously if you’ve seen Bluzmanis and Tobias work on them.
Kwikset did not respond to requests for comment from WIRED, but Tobias, in phone calls to technical support for Kwikset, was told repeatedly that the locks were impervious to screwdrivers or wires, and that a screwdriver wouldn’t even fit in the keyway.
“With these ones you cannot even put a flat screwdriver in there,” a technician named Satima on the company’s support line told him during a recent phone call, which Tobias recorded. “There’s racks from up and down direction, not just up” that make it impossible to align the springs in the lock, she said. “There’s no tool that you can just put in the cylinder and pop it open. You can’t put any type of wire or anything like that.”
Another technician told him, “If it was that easy to pick a Kwikset lock, they would be having us doing recalls, [but] there’s nothing like that. It’s business as usual.” Without the key, there’s no way to open the locks, the technician asserted, and “sticking anything foreign inside of the keyway is just going to make it that much harder to open up.”
Millions of Kwikset Smartkey Locks Vulnerable to Hacking, Say Researchers [Kim Zetter/Wired]