Can August Smart Locks Be Hacked?! – The Scary Answer

August smart locks have grown popular among tech-savvy homeowners due to their interesting safety features.

However coming from a computer science background I started to wonder…

Can August smart locks be hacked? Yes, they can be potential targets of hackers though there is no recently reported incident. The use of WiFi, Bluetooth, and smart devices in typical set-ups poses a problem as any digital expert can intercept wireless signals, crack passwords, and launch malware attacks to breach existing controls.

This article will discuss the security flaws associated with these locks, August’s responses, and hacking strategies to look out for. Tips on how to prevent these from happening are also added for your peace of mind.

August Smart Lock Features

What It Is

With their pioneering model released on October 14, 2015, August continues to bring the latest home automation styles in the market now that the 4th generation of smarter locks are out. The newest version, August’s WiFi Smart Lock, has an integrated WiFi feature that eliminates the use of bridges such as August Connect for the needed connection. 

August smart locks may look more like smart latch turners but they are automatic door locks capable of quick DIY setup installation. Step-by-step instructions from the app, videos and self-help chat support are made available by the company for your guidance. The device is wireless so you’re able to create virtual keys for anyone, anytime. 

How It Works

August lock is simply connected to a WiFi and paired with smart devices through Bluetooth. Keyless secured entry through your smartphone can make you set up reliable auto-locks and coordinate any other smart home action with the lock. 

Door sensors notify you through the app if the door is locked or not. A red circle appears if the door is locked and becomes green if not. August Connect is the hub you use to connect your August Smart Lock Pro with your WiFi router.

This can also be done alternatively via August Doorbell. In the fourth generation of smart locks, the Connect module is no longer required because of its built-in WiFi support.

Alkaline batteries are used for the lock but the app alerts you once the batteries are near depletion. You can also manually turn the lock inside or just use the physical key from outside in case of malfunction or used up batteries. The August app is wonderfully glitch-free so you can definitely trust its intuitive features.

Why It Is Popular

With an attractive and polished look, now made sleek and slimmer in its newest form, these smart locks continuously gain overwhelming customer approval.

Giving key access to family, friends or guests for one-time, recurring or permanent privileges is just a tap away in your smartphone app. Home automation has never been this easy. 

The lock is made compatible with a number of Smart devices for your convenience. Included in the list are Amazon Alexa, Apple Homekit, Airbnb, Google Home, Nest, IFTTT, Ring Alarm, Home Away, Logitech Pop, Honeywell, Stringify, and Z-Wave Alliance. August strives to improve their smart locks so you can expect better products ahead. 

Security Issues Of August Smart Locks

Unprotected Login Credentials

Experiments By PcMag And Bitdefender

Security experiments done by PcMag and Bitdefender in late 2019 discovered a vulnerability flaw in August’s Smart Lock Pro + Connect. While August WiFi Smart Locks are already selling, a good number of installed smart locks still fall under the 3rd gen category and under, thus, making this flaw a big deal.

The security hole can provide hackers full access to your WiFi network that might lead to a disaster. 

The device is normally placed in setup mode, which makes it an access point – an open and unprotected type. Your connection to that access point is virtual, that is via smartphone. The app then sends the WiFi login credentials to the device through that connection. 

However, there is no protection in whatsoever way for the exchange of credentials. An intruder can listen to your network at the time of exchange even without logging in, capture the WiFi credentials, and gain full access.

Forced reentry of credentials may be done at a separate time, as proven by the conducted test. The fault here is in the encryption, as August only hard-coded the encryption key in the device’s firmware.

August’s Response 

August was informed in December 2019 about Bitdefender’s findings, with the hope of fixing this glitch. The company initially responded by emphasizing its commitment to customer privacy and security and describing its response to another problem, that of Spectra. 

Seeking for more definite responses, a clarification was made by the proponents. August defended that once Connect is fully set up, any attack will be unsuccessful, which is not true due to the possible reentry of credentials. August said that they’re working to resolve it. Both parties agreed to publicly disclose this issue by June 2020.

After eight months, that is August 2020, the flaw has not been fixed yet and no reports were received from the company after two update requests. This is why PCMag and Bitdefender both made a public disclosure in separate writings. PCMag had an article about it while Bitdefender published its white paper

It is important to note though that this vulnerability won’t give any hacker control of your smart lock and is only applicable in smart locks with the Connect module.  

Software Allow Guests To Enroll New Key

Research By Jmaxxz

An earlier research was made by Jmaxxz, a white-hat hacker and software engineer, in 2016 for August’s 1st and 2nd gen products and a break-in was shown possible. This was corroborated by a paper on security analysis of August smart locks from a research team of Massachusetts Institute of Technology.

Guest access was discovered to be vulnerable as the guest may hack the software and enroll a new key. This new key was found to be possible even if the owner already deactivated the guest’s access. With a new key, anyone can control your August smart lock.

August’s Response

A firmware update that can be accessed in the app was done by the company. Guests can no longer change lock settings under this feature. The server was also updated. Authorized guests will have no ability to modify their authorized keys and existing guests cannot modify access privileges. These moves effectively addressed the vulnerability issue and made the locks even smarter. 

Potential Ways Of Hacking 

Malware Attacks

Cybercriminals can create malicious software or malware and install it in a device without the owner’s knowledge. Your smartphone, which is the key to your smart locks, is not exempted from this form of attack. 

With malwares, personal information stored on the device can be accessed. The installed security system can also be hampered, hence, a major mishap is most likely to come your way. 

Smartphone App Password Attack

Passwords need to be strong enough so as to avoid hacking strategies. Weak passwords can allow hackers to tamper with and control your smart lock under a temporarily compromising situation. Someone sitting close to you can practically do this by just observing you operate your smartphone. Long, randomized passwords can be used instead for your protection.

August’s Security Protocols

August enhanced its security protocols by the use of secure remote access through biometrics. The two-factor authentication process is also applicable. Logging in the installed app will prompt you to verify your action such as typing one-time-use codes sent via phone number or email. 

In case of a lost or stolen phone, you can remove access authorization by logging in at august.com/lostphone. You may also log into your account using another phone until you retrieve your device. Being extra careful with your smartphone these days is indeed indispensable.

Tips To Prevent Hacks

Learn From Others’ Experiences

Reviews provide awareness on efficiency and potential problems, especially prior to purchase. You can access and read reviews and user feedback online, from your tab or smartphone.

Since August smart locks have been around for half a decade, there’s a pretty good number of users by now. If you know someone with an August smart lock in their home, asking for a comment or advice is definitely worth your time.  

Regularly Check If The Lock Is Working Properly

This is a sure way of being more prepared in worse situations. You just don’t know what could happen next!

You can try to unlock the door and check notifications on a daily basis. Running weekly or monthly checks by locking and unlocking doors via smartphone will help you detect irregularities or possible problems. Making sure that the app and batteries are functioning well also helps.

Connect With August Support For Problems

August has a support system to help you in troubleshooting lock issues. You can contact August at support@august.com or call 1(844)-284-8781. This works even for urgent needs as August Support caters issues 7 days a week and 24 hours in a day. 

Contact Local Authorities For Imminent Danger

If you have any reason to think you’re in danger, it’s best to contact local authorities and ask for assistance. The safety-first  policy just never gets too old. 

If you’re interested in the various strategies hackers use to infiltrate your smart locks then check out my in depth article on Can Smart Locks Be Hacked? You Really Should Read This.

Conclusion

As technology gets better over time, so is hacking and burglary. The online and digital platforms have faced all sorts of challenges since Day 1 and cybercrimes are becoming frequent, hence, getting more attention than ever.

While August smart locks have gone a long way in terms of safety and convenience, you can never be too sure all the time. You just have to be aware of the issues, the resolutions at hand and the trade-off you might be getting.

Your decision to buy one has to be at the very least informed. After all, you hold the ultimate key to whatever could  possibly happen in your own home. 

P.S.

That’s it for this article. I hope you enjoyed reading it and if you think it might be useful for someone else then please share it on social media, email or your own website! It really encourages us to write more content and grow the site!

If you’re interested in reading more about smart light, smart garages and smart homes checkout some of the other houshia categories including:

Home Security

Smart Lights

Smart Home

Smart Garage

Steve Foster

Suburbanite, tech geek, handy man, automation enthusiast who started blogging about the stuff I do around my home and found he had a knack for it.

Recent Posts