Read on Twitter
Tapplock is only secondarily a manufacturer of "Smart Locks." Primarily, what they manufacture is horrible security gaffes.
Remember when they made a lock that you didn't need to pick because you could just disassemble it by removing a single screw?
https://twitter.com/LockPickingLwyr/status/1007613178249965569
1/
Remember when they made a lock that you didn't need to pick because you could just disassemble it by removing a single screw?
https://twitter.com/LockPickingLwyr/status/1007613178249965569
1/
Then researchers discovered that the screwdriver was option, since the lock continuously broadcasted its unlock code over Bluetooth:
https://www.theverge.com/circuitbreaker/2018/6/13/17461612/tapplock-smart-lock-hack-bluetooth-low-energy
(the locks are also made of garbage steel that's easy to cut)
2/
https://www.theverge.com/circuitbreaker/2018/6/13/17461612/tapplock-smart-lock-hack-bluetooth-low-energy
(the locks are also made of garbage steel that's easy to cut)
2/
Well, it turns out that Tapplock isn't merely really bad at protecting your physical security - they also haemorrhage the data of everyone who uses their locks.
https://arstechnica.com/tech-policy/2020/04/easy-to-pick-smart-locks-gush-personal-data-ftc-finds/
3/
https://arstechnica.com/tech-policy/2020/04/easy-to-pick-smart-locks-gush-personal-data-ftc-finds/
3/
The @FTC just settled with Tapplock, and the docs reveal that the company (which makes locks!) had NO SECURITY PROGRAM FOR ITS PRODUCTS.
https://www.ftc.gov/system/files/documents/cases/192_3011_tapplock_complaint.pdf
4/
https://www.ftc.gov/system/files/documents/cases/192_3011_tapplock_complaint.pdf
4/
This oversight allowed attackers to harvest the data that Tapplock gathered on its users: "usernames, email addresses, profile photos, location history, and the precise location of a user's lock."
5/
5/
