A hi-tech padlock secured with a fingerprint can be opened by anyone with a smartphone, security researchers have found.
On its website, Tapplock is described as the “world’s first smart fingerprint padlock”.
But researchers said it took just 45 minutes to find a way to unlock any Tapplock.
In response, the firm acknowledged the flaw and said it was issuing “an important security patch”.
In a blogpost, security expert Andrew Tierney from Pen Test Partners (PTP) outlined how he had hacked the lock.
“You can just walk up to any Tapplock and unlock it in under two seconds. It requires no skill or knowledge to do this.”
He said he was “so astounded” by how easy it was that he ordered another lock in case his first attempt had been a fluke.
The lock’s software does not take even simple steps to secure the data it broadcasts, he said, leaving it open to several “trivial” attacks.
The “major flaw” in its design is that the unlock key for the device is easily discovered because it is generated from the Bluetooth Low Energy ID that is broadcast by the lock.
Anyone with a smartphone would be able to pick up this key if they scanned for Bluetooth devices when close to a Tapplock.
Using this key in conjunction with commands broadcast by the Tapplock would let attackers successfully open any Tapplock they found, said Tierney.