BLE MAC address duplicate by hacker to unlock door

I have been thinking of using my smart band or phone to unlock Z-wave door. However, one thing that concern me is how easy it is to sniff someone BLE device to obtain its info such as MAC address. A hacker can then duplicate the MAC address on its own BLE device and use it to unlock my door.

What do you guys think? Is that possible?

I guess its possible, but they would have to:
a) Think to do it to YOU.
b) Be close enough to you to sniff your BLE device.
c) Know that you are using your BLE device to open the door.
d) Go close enough to your house to use the duplicated MAC BLE device.

So it comes down to how likely this might be for you…

It seems it is easier to steal your “key” than good old fashion lock that uses normal key. This sacrifices too much security for convenience.

just stick with RFID tags (or use NFC in your phone). At least then you are talking about much shorter ranges so its much less likely for a hacker to clone you

To add to the paranoia. A burglar will use a foot to break down the door rather than steal your key, whichever version of “key” you are using. A sophisticated crook could use a bump key if your lock is susceptible, and most locks with a tumbler lock are. If you have a Smartlock with keypad, a crook could hide a camera close to the lock and record your coming and goings.
Nothing is unbeatable. You could reinforce your doors, put bars on all the windows but if a thief really wants in, they will get in. Make sure you keep up your insurance.

agreed. In all honesty a burglar is not going to go through any of that effort when he can just kick in a glass window or throw a brick through it. These guys go for the simple and fast methods of entry, not sophistication. Also, if you have a tiled roof, they can generally just slide a few tiles out of the way and climb in. Go and use your tech, no one is going to hack you.

1 Like

well… i agree all your arguments are valid. but it is not a convincing way to market a “product”. imagine you are selling door lock and this door lock is basically useless. anyone can use any key to open the lock. will you tell your prospect, “Don’t worry. The burglar won’t know you are using my lock. If they wanted to break in, they would kick open the door or climb through the roof tile”? It won’t sell isn’t it?

It’s no different than bring a good ol’ key. My idea of keyless entry is not to bring anything extra other than those already on you and the kids don’t have a phone. I’m thinking of fingerprint lock but it is way over my budget. PIN lock is great but it will be backup method.

You could make your own fingerprint access point using one of these without spending too much.

https://www.sparkfun.com/products/11792

1 Like

I would like a way to hack my schlage sense which is homekit through ble. I thought homekit was so far unhackable.