The Nuki Smart Lock has been featured by the renowned Kassa TV show in the Netherlands. The clip mentioned the positive aspects of having a Smart Lock (convenience, peace of mind, smart access management) and also included a statement by the IT security company Secura highlighting a potential security risk when using a Nuki Smart Lock under certain conditions.
More specifically, Secura stated: The Nuki Smart Lock has a button that allows for Bluetooth pairing with a new device (smartphone, Fob). By default, users can pair new devices to their lock by pressing the button for 5 seconds and then running through the pairing process. Once a new device is paired, it can be used to lock or unlock a Nuki Smart Lock. Although Nuki offers an option to deactivate the button for pairing in the settings of the Nuki App, Secura recommended that this should be a default setting to prevent a security risk in certain scenarios (e.g. on doors containing a letterbox or when access is granted to strangers for deliveries).
As you know, we at Nuki are taking these recommendations very seriously and are well aware of our responsibility as the leading provider of smart access solutions. This was just recently reconfirmed by AV-Institute in their security test.
Our decision to allow Bluetooth pairing via the button by default is a feature choice by Nuki, as we believe the potential benefits (such as keeping the Nuki Smart Lock accessible when the administrator's phone is lost) outweigh the threats directly linked to this feature. Until today, after selling more than 50.000 Smart Locks in Europe, this topic has never led to any unwanted incidents for our users.
In addition, this default setting can be changed very easily in the Nuki app. To do that, simply open your Nuki app and go to ‘Settings’ > ‘Manage Smart Lock’ and disable the option ‘Bluetooth Pairing’. Besides the Bluetooth pairing, there are of course other ways of inviting new users (via Nuki App and Nuki Web). Instructions on how to deactivate this default setting can also be found on our website.
In specific use cases, we proactively advise deactivating Bluetooth pairing (for example, in our Nuki installation guide for hosts).
We are known to adapt our products in line with our customers' needs and have decided to take the following actions:
- existing Nuki customers are informed via this blog post in case they don't have the right setting activated
- we will add the information about the possibility to disable Bluetooth pairing to the welcome mailings to all new Nuki customers in the future
- we are working to enable push notifications so that Nuki users are alerted immediately when, how and by whom the Smart Lock was opened
- we will review the current setup process for a Nuki Smart Lock to have a more direct reference to the option to disable Bluetooth pairing via the button
The topic of security is of utmost importance to us. When it comes to Smart Locks, consumers justifiably have questions and concerns about safety. Especially as in-home delivery and in-home care are expected to grow in the future, we take the suggestion very seriously in order to further strengthen our position in the market for smart access solutions.