Smart Lock - 5 in 1 Fingerprint Door Lock, Password, Bluetooth Smart Locks, Biometric Identification Fingerprint Key Digital NFC, Code Locks for Home, Office, Hotel (APP Smart Management)

1755315881515959096191177544301894×862 81.6 KB

INTRODUCTION

Simple to install, good build quality, use it with or without app, multiple methods of opening

IMPLANT COMPATABILITY

xNT
NExT
NExT2
xMagic
FlexNT
FlexM1
FlexUG4
APEX Flex
Flex Secure

Screenshot_20250817_155112_TTLock1080×2101 139 KB

TESTING INCLUDING READ RANGES

In reality, they all read and when you use it, you will make contact because it’s just easier, but generally, xSeries = Contact, Flex 5mm-10mm

TEARDOWN

N/A

LINKS & RESOURCES

PROs

• Feels like good build quality zinc alloy

• Multiple opening methods: RFID, Key, Fingerprint, Bluetooth, pin code (also CON due to security vulnerability)

• Quick install ~10mins ( Instructions look good if you need them )

• USB-c battery back up, to prevent lock out

• Universal fitting size for MOST (adjustable) and compatiable with left / right doors

• Works with xSeries and Flex implants

CONs

**

• Internal doors only ( It looks like it could be used outside, but maybe only if it is mostly sheltered )

• Uses 4 x aaa batteries - unsure of the life expectancy, Claimed about 3-6 months (8000 openings)

• Multiple opening methods: RFID, Key, Fingerprint, Bluetooth, pin code = security vulnerability

HACKS

Other than a RSP sticker None attempted -

The Sticker does cover the numbers, and for the sake of realism, it removes the pin pad as a viable option unless you avoid those 2 numbers and have a 8 button option.

Possible Hack, you could tap into the battery compartment and add a Power bank supply.

EXPLOIT

Haven’t tried the common known one, and I like to keep that one one quiet, but I will do and update with the results

PRICE

USD$63

SUMMARY

All in all, a well priced, well made, multi purpose lock that is cyborg friendly

LINKS AND RESOURCES:

POLL

Rating by the community

PLEASE ONLY VOTE IF YOU HAVE ONE OR HAVE USED ONE

=

=

=

=

=

My Rating

4 Star from me, Only because it needs a Repeater Sticker to be usable

With the Sticker

Special thanks to @hamspiced for the Repeater Stickers

Tested, no exploit.

Thanks for that great review! I think I found the FCC ID for that specific lock - might be wrong, you can judge by the photos.

The neat part about FCC IDs is that you can look them up and get pictures and data from the testing process, including pictures of the internals, which might spare you the teardown. (Though if you want to do a tear down, spoiler alert!)

As I said, not sure if it’s the exact same one, if you find a different FCC ID somewhere on there you might give that one a try

I like this one it looks clean AF.

I’ve been using this class of smart lock for a while on both internal and external doors. By class I’m referring to the dozens (hundreds?) of inexpensive NFC + App + Fingerprint locks manufactured in China.

I think they’re great and worth the tradeoffs, but the biggest security vulnerability isn’t a keypad PIN or physical key cylinder, but the app + Bluetooth control. Most of the locks require the use of the app to enroll new RFID keys and fingerprints. A few, like the older Ultraloq locks (unsure about the new ones) provide a master RFID card that can be used to enter programming mode for enrolling additional fingerprints and RFID fobs.

The apps used for these locks appear to all use the same two or three core software libraries for actually handling the exchanging of enrollment data, making them bigger targets for class breaks (either private or government sponsored).

I personally don’t really care that the manufacturer of the lock could open my door with some modified software, but I wouldn’t ever recommend these for any kind of sensitive access unless the app/Bluetooth control could be fully disabled.

Yeah buddy, all good advice and agreed.

Bigger picture, and I have mentioned this on a number of occasions for people with those concerns.

“Do you have glass windows?”
Fuck the lock, it’s just there to keep honest people out.

As you say

Yeah, Easy option, and avoid the app, just copy the provided MFC 1k

Or use a burner android for enrolling.

If somebody wants ACTUAL security, these are not the locks for them.

Convenient they are
High security they are not

Yeah that’s the thing. Having a normal lock is not that big of a difference. I’d say it’s even more of an issue as tools for opening them are readily available and can be opened by anyone with some training.

Fingerprint and most other forms of biometrics shouldn’t be used as a single factor for authentication either. Especially since you leave your fingerprints everywhere. And of course also on the lock itself.

Many years ago there was this fun kind of protest where Germany’s biggest hacker club got the fingerprint of the interior minister, who pushed heavily for biometric identification, from a glass of water he used at a public speaking event. They then proceeded to create a ready-to-use fake fingerprint and had it as an extra to their club magazine. Link in German if anyone’s interested.

I mean it all comes down to your threat model. If you want to guard a data center with sensitive information and want to prevent a dedicated attacker from a quick, silent entry, you probably should not have a lock with some random chinese app from alibaba.

But if you want to keep your small kids out of your workshop but don’t want to fumble for your keys 10 times a day, these are priceless. I

I’d have to agree.. when it comes to door locks and physical security, I’ve never seen anything like Europe (certain areas). They have history going back thousands of years of shit people breaking into shit hovels doing shit things to each other. The most basic doors and door locks are usually well above what a typical residential door and lock setup would be in the USA.. usually metal not wood.. usually welded frames not stickframed door jams.. usually mortise locks not latches. Then again, over half the homes in the USA have guns in them.

Back when I used to give a lot of talks, I would always reference this case to show how biometrics (static data) can be worse than a password (which you can change).