• Address
  • Strijp TQ
  • Achtseweg Zuid 151C
  • 5651 GW Eindhoven
  • MindLabs
  • Locomotiefboulevard 103
  • 5041 SE Tilburg

Flient smartlock pentesting

Transformative Technology:

Cyber Security

Semester programme:

Cyber Security

Client company:

Flient

Project group members:

Obada aljarrah
Mahmoud Ikhlaf
Rick kanters
Lucas Lammers
Mohammed Salah.

Previous project FitPhone Next projectFlower Inventory Forecast

Project description

We tested security features of the lock by methodically pentesting and researching the locks capability.

Main Question
How can we gain unauthorized access to the Flient Smart Lock?

Sub-questions

  • Which technologies are used in the Flient Smart Lock and how do they work?
  • How do the encryption methods and authentication protocols in the Flient Smart Lock compare to industry standards?
  • How does the mobile app communicate with the Flient Smart Lock, which security protocols are used, and is it possible to manipulate and/or intercept the app?
  • Are there previously discovered vulnerabilities that are still present in the Flient Smart Lock?
  • How susceptible is the Flient Smart Lock to physical attacks, for example PIN code, lock, and fingerprint?

Context

This study aims to provide a comprehensive analysis of the digital security of the Flient Smart Lock. It focuses on identifying potential vulnerabilities within the technologies employed by the lock, including Bluetooth, Wi-Fi, and NFC. By analyzing and testing the system both theoretically and practically, we aim to determine to what extent the lock is resistant to unauthorized access, both digital and physical.

Results

The analysis revealed that the system employs multiple technologies, including Bluetooth, Wi-Fi, NFC, and biometric authentication. While this multi-faceted approach enhances versatility, it concurrently amplifies the potential attack surface, thereby increasing the risk of vulnerabilities.

Download Research Paper English (PDF)

Download Onderzoeksrapport NL (PDF)

About the project group

the group consists of 4 group members with an infra and cybersecurity background and 1 member with a software and cybersecurity background. We spent 5 sprints in total for this project, every sprint we had a sprint delivery where we got feedback from our stakeholders. We also had our own stand-ups every sprint. A substantial part of the project was that we worked with testcases and the dotframework method with the research questions to make this a researchpaper. Flient was very helpfull and open for the project.

Gallery

Click an image to enlarge
Back to
Projects Eindhoven - June '25
Curious to learn more about the InnovationLab? Get in touch!

Let's talk!