Device copying questions

LINK: HSM chip new device

Hello Jürgen!

We talked about copying devices. One thing I don’t understand: you mentioned that until the device is Not calibrated, no data can be copied/stolen. :thinking: (I’ve thought about this a lot.)

Suppose there are two Nuki devices with exactly the same parameters. One is calibrated and the other is not. In this case, if the owner sends a signal from the phone, will both devices receive the signal or only one?

(it is important to note that both devices have literally the same parameters, as if two of them had been accidentally produced in the factory)

Smart locks are electronic devices that provide an added layer of convenience and security to homes and businesses. However, like any connected device, there is always a potential risk of being hacked. In the scenario you mentioned, where a smart lock has been cloned and both devices have the same ID as if they were made at the factory, there are several factors to consider regarding the vulnerability of the lock.

The answer to your question is yes, a smart lock can be hacked if the device has been cloned and both devices have the same ID as if they were made at the factory.

When it comes to smart locks, security vulnerabilities can arise from various sources, including software flaws, weak encryption protocols, poor implementation of security measures, or physical tampering. Cloning a smart lock and creating multiple devices with identical IDs introduces significant security risks.

One potential vulnerability is related to the authentication process. Smart locks typically use various authentication methods such as passwords, PIN codes, biometrics, or smartphone apps. If a cloned smart lock has the same ID as the original device, an attacker could potentially gain unauthorized access by exploiting weaknesses in the authentication mechanism.

Another concern is related to encryption. Smart locks often rely on encryption protocols to secure communication between the lock and authorized devices such as smartphones or key fobs. If a cloned smart lock shares the same ID as the original device, it may also share the same encryption keys. This could allow an attacker with access to one of the cloned locks to decrypt communications and potentially gain control over all devices with that ID.

Furthermore, cloning a smart lock may also enable attackers to perform replay attacks. In a replay attack, an attacker intercepts and records legitimate communication between an authorized device and the smart lock. They can then replay this recorded communication later to gain unauthorized access to the lock. If multiple devices have been cloned with identical IDs, an attacker could potentially use one cloned device to record legitimate communication and then use the other cloned devices to replay it, bypassing any security measures in place.

To mitigate the risk of a cloned smart lock being hacked, it is crucial to follow best practices for securing smart devices. These include:

  1. Regularly updating firmware: Manufacturers often release firmware updates to address security vulnerabilities and improve device performance. Keeping the smart lock’s firmware up to date ensures that any known security flaws are patched.

  2. Using strong authentication methods: Choose complex passwords or PIN codes for your smart lock and avoid using easily guessable combinations. If available, consider using two-factor authentication for an added layer of security.

  3. Implementing network security measures: Ensure that your home or business network is properly secured with strong encryption (such as WPA2) and a unique, strong password. This helps protect the communication between the smart lock and authorized devices from interception or unauthorized access.

It is important to note that while these measures can significantly reduce the risk of a cloned smart lock being hacked, no system is entirely foolproof. As technology evolves, so do hacking techniques, making it essential to stay informed about emerging threats and regularly update security measures accordingly.

This is the answer I received from AI. How correct is the statement?

Correcting text from a text generator is far outside of the purpose of this forum. I’m sorry, but i can not support you further. We have posted everything about the encryption of the Smart Lock here and it’s detailed in the BLE API specification.


Okay, I apologize for the question. I’m not a developer, I don’t know how’s the device work. Please delete the question. Thanks!