Fingerprint Theft Using Smart Padlocks: Droplock Exploits and Defenses

TL;DR

This paper investigates vulnerabilities in smart padlocks, specifically droplock exploits, analyzing various attack methods and proposing security measures to prevent fingerprint theft and enhance device safety.

Contribution

It provides an in-depth analysis of droplock vulnerabilities across multiple smart lock models and recommends stronger security controls to mitigate these risks.

Findings

Droplock attacks can be performed on various smart lock models.

Current security measures are insufficient against fingerprint theft.

Proposed defenses can significantly reduce attack success rates.

Abstract

There is growing adoption of smart devices such as digital locks with remote control and sophisticated authentication mechanisms. However, a lack of attention to device security and user-awareness beyond the primary function of these IoT devices may be exposing users to invisible risks. This paper extends upon prior work that defined the "droplock", an attack whereby a smart lock is turned into a wireless fingerprint harvester. We perform a more in-depth analysis of a broader range of vulnerabilities and exploits that make a droplock attack easier to perform and harder to detect. Analysis is extended to a range of other smart lock models, and a threat model is used as the basis to recommend stronger security controls that may mitigate the risks of such as attack.