Tapplock, a company that makes fingerprint-verified locks, has had a rough time with its locks’ security. The company’s flagship lock, which has been available since 2019, is apparently easy to pop open with a magnet. YouTuber LockPickingLawyer published a video last week showing how he could use a powerful magnet to turn the motor inside the Tapplock One Plus, causing it to open. The entire process takes less than 30 seconds.
The Tapplock One Plus costs $99 and features a fingerprint sensor. It also has built-in Bluetooth, so people can unlock it using an app. In response to the video, Tapplock commented: “Wow! Shout out to LPL for finding this exploit. Working on a fix with magnetic shielding, will be back.”
This is a commendable reply, although it doesn’t do much for people who already bought the lock. Most companies ignore bug reports or fail to fix the flaw. It at least seems like Tapplock wants to figure out how to prevent this kind of attack.
That said, the company’s earlier fingerprint smart lock had its own security issues.
In 2018, YouTuber JerryRigEverything proved he could pull the lock apart using just a sticky GoPro mount, while cybersecurity company PenTest Partners found that the actual code and digital authentication methods for the lock were essentially nonexistent. All someone would need to unlock the lock is its Bluetooth Low Energy MAC address, which the lock itself broadcasts. PenTest Partners also snapped the lock with a pair of 12-inch bolt cutters.
Ultimately, it’s a good thing people are putting these locks through security tests. That’s one of the only ways companies can find out if their products are flawed, and Tapplock being open to the feedback is even better.