Flient smartlock pentesting
Cyber Security
Semester programme:Cyber Security
Client company:Flient
Obada aljarrah
Mahmoud Ikhlaf
Rick kanters
Lucas Lammers
Mohammed Salah.
Project description
We tested security features of the lock by methodically pentesting and researching the locks capability.
Main Question
How can we gain unauthorized access to the Flient Smart Lock?
Sub-questions
- Which technologies are used in the Flient Smart Lock and how do they work?
- How do the encryption methods and authentication protocols in the Flient Smart Lock compare to industry standards?
- How does the mobile app communicate with the Flient Smart Lock, which security protocols are used, and is it possible to manipulate and/or intercept the app?
- Are there previously discovered vulnerabilities that are still present in the Flient Smart Lock?
- How susceptible is the Flient Smart Lock to physical attacks, for example PIN code, lock, and fingerprint?
Context
This study aims to provide a comprehensive analysis of the digital security of the Flient Smart Lock. It focuses on identifying potential vulnerabilities within the technologies employed by the lock, including Bluetooth, Wi-Fi, and NFC. By analyzing and testing the system both theoretically and practically, we aim to determine to what extent the lock is resistant to unauthorized access, both digital and physical.
Results
The analysis revealed that the system employs multiple technologies, including Bluetooth, Wi-Fi, NFC, and biometric authentication. While this multi-faceted approach enhances versatility, it concurrently amplifies the potential attack surface, thereby increasing the risk of vulnerabilities.
Download Research Paper English (PDF)
Download Onderzoeksrapport NL (PDF)
About the project group
the group consists of 4 group members with an infra and cybersecurity background and 1 member with a software and cybersecurity background. We spent 5 sprints in total for this project, every sprint we had a sprint delivery where we got feedback from our stakeholders. We also had our own stand-ups every sprint. A substantial part of the project was that we worked with testcases and the dotframework method with the research questions to make this a researchpaper. Flient was very helpfull and open for the project.