Opener: stop remote access from anywhere for non-admin users of the Nuki app

NUKI OPENER

Summary

If the Opener is connected to a bridge, the smartphone Nuki app of an authorized (non-admin) user will open the door from anywhere in the world, whether or not remote access has been authorized for that user.

This is a fundamentally insecure design error and leaves the system wide open to a user opening the door by mistake from another location, or even to someone unauthorized who is in possession of the user's phone. It should be possible to limit the use of the app to ONLY when the phone is in physical proximity to the Opener, i.e. in or near the building.

Switching remote access on or off in Nuki Web for a non-admin user of the Opener makes no difference at all. Remote access from anywhere remains.

I have discussed this with NUKI Support. They inform me that such a limitation is available for the Smart Lock, but not for the Opener + Bridge. So the NUKI team know how to do it. Support say that they have no information about any planned implementation for the Opener.

I am astonished that NUKI would think to leave such a hole in the security of the Opener. It is absolutely not OK!

Features

My preference for "located in the building" is that the user's smartphone is within range of, and connected to, the same pre-defined SSID as the bridge.
The Nuki app's location function could also geo-sense that the phone is in or near the building.

Reason

We are a school. We want our teachers to open the door with the Nuki app ONLY when they are in the building, not by mistake from home or from holiday on some far-away island, and not by someone else with the user's phone.

We tried to work around this by unplugging the bridge and relying on Bluetooth. But that is not practical, because re-establishing the Bluetooth connection at each entry to the building is too slow and sometimes needs 3 or 4 attempts or does not work at all.

Examples

The use case is very clear.
When the non-admin user of the app is away from the building: the Opener presents as offline (or unavailable).
When the user approaches the door with their phone: the app notifies that it has connected to the Opener via the named Wi-Fi, or the location geo-sensing has recognized where it is. The user then opens the door with the app.
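To make the request above concrete, here is an added example (not Nuki's code, and not code from the original post) that compares the behaviour the post describes with the proposed proximity gate. It assumes a hypothetical policy record holding the building's SSID and a geofence, and an `OpenRequest` carrying what the phone reports; the coordinates and SSID are constructed sample data. Following the last reply in the thread, the proposed decision does not depend on the transport (BLE vs. bridge) but on where the phone is.

```python
"""Proximity-gated door-open decision for a shared Opener.

Added illustration only. Two policies are compared:
  decide_as_described()  -> what the post reports: every authorized user can
                            open via the bridge, the remote-access flag is ignored
  decide_proximity_gated() -> remote access only if the per-user flag allows it;
                            otherwise the phone must be on the building SSID or
                            inside the geofence, whatever transport is in use
"""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import Optional

EARTH_RADIUS_M = 6_371_000.0


@dataclass(frozen=True)
class DoorPolicy:           # hypothetical per-Opener settings
    expected_ssid: str      # SSID the bridge is on
    center_lat: float       # geofence centre (building)
    center_lon: float
    radius_m: float         # "in or near the building"


@dataclass(frozen=True)
class OpenRequest:          # what the phone reports with the open command
    user: str
    remote_access_allowed: bool      # the per-user flag from Nuki Web
    transport: str                   # "ble" or "bridge"
    connected_ssid: Optional[str]    # None if not on Wi-Fi
    lat: Optional[float]             # None if no location available
    lon: Optional[float]


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two WGS84 points."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = p2 - p1
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(a))


def phone_is_in_building(req: OpenRequest, policy: DoorPolicy) -> bool:
    """True if the phone is on the building SSID or inside the geofence.
    Missing SSID and missing location both fail closed."""
    if req.connected_ssid is not None and req.connected_ssid == policy.expected_ssid:
        return True
    if req.lat is None or req.lon is None:
        return False
    dist = haversine_m(req.lat, req.lon, policy.center_lat, policy.center_lon)
    return dist <= policy.radius_m


def decide_as_described(req: OpenRequest) -> bool:
    """Behaviour the post complains about: once the Opener is reachable through
    the bridge, any authorized user may open, remote flag or not."""
    return True


def decide_proximity_gated(req: OpenRequest, policy: DoorPolicy) -> bool:
    """Proposed behaviour: the remote-access flag decides whether location
    matters; transport (BLE vs. bridge) is deliberately not consulted."""
    if req.remote_access_allowed:
        return True
    return phone_is_in_building(req, policy)


# Constructed sample data: a school building and a teacher's phone in
# different situations. Coordinates are arbitrary and not a real address.
SCHOOL = DoorPolicy("school-staff", 48.2082, 16.3738, 75.0)

AT_HOME = OpenRequest("teacher1", False, "bridge", "home-wifi", 48.2600, 16.4200)
ON_HOLIDAY = OpenRequest("teacher1", False, "bridge", None, 35.3000, 25.1000)
ON_SCHOOL_WIFI = OpenRequest("teacher1", False, "bridge", "school-staff", None, None)
AT_THE_GATE = OpenRequest("teacher1", False, "bridge", None, 48.2085, 16.3738)
NO_SIGNALS = OpenRequest("teacher1", False, "bridge", None, None, None)
CARETAKER_REMOTE = OpenRequest("caretaker", True, "bridge", None, 35.3000, 25.1000)

if __name__ == "__main__":
    for name, req in [("at home", AT_HOME), ("on holiday", ON_HOLIDAY),
                      ("on school wifi", ON_SCHOOL_WIFI), ("at the gate", AT_THE_GATE),
                      ("no signals", NO_SIGNALS), ("caretaker remote", CARETAKER_REMOTE)]:
        print(f"{name:18} described={decide_as_described(req)!s:5} "
              f"gated={decide_proximity_gated(req, SCHOOL)}")
```

The SSID and GPS values in `OpenRequest` are whatever the phone reports, so this gate prevents the accidental open-from-home case that the post is mainly worried about, but a person holding the phone could still fake them; it is a safety interlock that should sit on top of the per-user permission, not replace it, and "no signal" is treated as "not in the building".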

Hi! This is an important matter, but you have to write this in the "Feature-Request" section! Because here nobody can vote for your request, and so it will never be realised! Please transfer this to the Feature requests section!

There was already another thread about this here: OPENER with BRIDGE : A serious security breach.

Maybe the suggested alternatives help you, even though your case is a bit different.
Otherwise, please create a proper feature request.

Please also mention there that the decision whether access is allowed or not should not be made via the transport protocol (direct via BLE vs. via bridge) but by means of the GPS location data that the mobile phone has.