Bluetooth Security and MojoLocks

Bluetooth is emerging as the preferred wireless communication standard for smart devices. This is because Bluetooth is an available feature on any smartphone, unlike other wireless protocols including Z-Wave and Zigbee. These other wireless communication standards require the addition of a Bluetooth or WiFi hub to communicate with devices, while Bluetooth does not. 

MojoLocks using Bluetooth are designed to be as fundamentally secure as any Z-Wave and Zigbee device. They use similar approaches to secure communications, including:

  • Encrypted communications, to thwart third-party eavesdropping.
  • One-time, token-like access requests, that cannot be captured and reused.

It’s worth remembering how much we already rely on Bluetooth and how much more prevalent it is in our everyday lives versus Z-Wave and Zigbee. It is enabled on every smartphone, tablet and notebook computer on the market. And, just like someone cannot walk up alongside your Bluetooth-enabled smartphone and hack it remotely, someone similarly cannot walk up to a Bluetooth smartlock and hack it open.

Any and all attacks on a Bluetooth device (like similar attack vectors on Z-Wave and Zigbee) require both (1) sophisticated, highly-technical attempts to identify an exploit and (2) third-party physical proximity to the device while it is actively communicating with an authorized party via Bluetooth. A Bluetooth-based attack requires orders of magnitude more effort than traditional, physical approaches to unlawful entry.

Moreover, unlike most Z-Wave and Zigbee products that are internet connected, ShowMojo’s MojoLocks are not. This removes the risk of any remote-based attack, to which internet-connected products are susceptible. This brings up an additional point of consideration: a MojoLock that is used only via keypad and never via Bluetooth is impervious to any Bluetooth-based attack. That’s not the case for an internet-connected smartlock. Those devices are open to technical attacks from the internet and even social engineering attacks via call centers.




Was this article helpful?