China’s so-called smart locks are riddled with security risks, according to a report released Sunday by the China Consumers Association (CCA), a state-affiliated consumer rights watchdog.
The report, which examined 29 electronic locks purchased either online or in-store, refocuses attention on deep-seated privacy issues in the country’s consumer tech industry. Researchers found that 85.7% of locks activated by microchip-embedded cards, 50% of fingerprint-activated locks, and 48.3% of password-activated locks exhibited security risks. Several big-name manufacturers fared poorly on certain CCA tests, including Samsung, Panasonic, and the Chinese electronics maker TCL.
Compared with their traditional key-operated counterparts, smart locks allow users to operate doors by inputting personal passwords, biometric information, or commands issued from authorized devices like smartphones and computers. The increasing number of smart locks that connect to the internet can be integrated into larger home security and maintenance systems, but this also leaves them vulnerable to hackers.
The findings of yesterday’s report, which are the results of a collaboration between the CCA and three municipal and provincial consumer associations, come four months after state broadcaster China Central Television (CCTV) publicized a report by the State Administration for Market Regulation (SAMR), China’s market watchdog, estimating that around 15% of 40 leading smart-lock models could be compromised, often by exposing them to devices that emit electromagnetic pulses.
Although only one of the smart locks featured in yesterday’s report succumbed to such devices, many models performed poorly in other areas, such as structural tests in which researchers tried to physically break into locks with common tools. One such product, manufactured by the Guangdong-based company Atomlock, opened within 73 seconds, while locks made by Samsung and TCL opened within 79 and 85 seconds, respectively. A lock by the Beijing-based company Loock lasted the longest at 1,254 seconds.
In addition, many products failed to meet Chinese legal standards requiring smart locks to give an alarm signal when submitted to external force, the CCA report said. Only 15 of the 29 locks evaluated fulfilled this requirement.
However, certain products performed better in other tests. The vast majority of smart locks do a good job of protecting users’ personal information, work normally during voltage fluctuations, and have strong emergency and backup power supplies, the report said.
A 2017 white paper estimated that China’s smart lock market was worth 195 billion yuan ($28.8 billion), and Chinese smart lock manufacturers sold around 21 million products in 2018, according to CCTV’s report. Last year, tech giant Baidu led a 600 million-yuan investment round in Yunding Network Technology, which owns Loock.
Some consumers see smart locks as precursors to installing so-called smart home systems, which allow them to remotely control their lighting, heating, security, and home devices, via either smartphones or computers. Smart home systems were worth nearly 400 billion yuan in China last year, and the industry has an annual growth rate of around 20%, according to market research company Daxue Consulting.
Smart home security is just one consumer trend in a country rapidly embracing high-tech solutions to everyday problems. But China’s eager embrace of technology is causing privacy concerns, too. In March, Sixth Tone revealed how AI companies are installing surveillance cameras in classrooms across the country, often tracking student behavior without obtaining prior consent from families. And in December, a Guizhou-based manufacturer of microchip-embedded school uniforms attempted to quell a public outcry by dismissing claims that their technology tracked children round the clock.
Additional reporting: Hoi Ying Lo; editor: David Paulk.
(Header image: A man tests a smart lock in Guangzhou, Guangdong province, 2018. Ma Qiang/Southern Metropolis Daily/VCG)