Security is a key priority for Smart Home devices, especially with regards to electronic door locks. Long-time members of the Nuki community know that we have invested a lot of time and development resources into the Nuki encryption concept. The safety of your home has been paramount to us from day one. As a result, we also have the security of our Nuki products regularly tested by external research institutes.
AV-TEST, the independent German research institute for IT security, has already tested Nuki extensively in the past two years. In April 2020 their experts took another close look at our products. This time the Nuki Combo 2.0 – consisting of Nuki Smart Lock 2.0 and Nuki Bridge – as well as the Nuki App (free-to-use for iOS and Android) were put through the quality assurance procedure by AV-TEST.
As in 2018 and 2019, we successfully passed the test process and AV-TEST again certified the Nuki hardware and software as “Secure Smart Home Products”.
“Already for the third time in our test laboratory for certification: The combination of Smart Lock 2.0 and Bridge from the Austrian manufacturer Nuki. In the past two years, the solution has convinced with a well thought-out and adequately implemented security concept and exemplary practice in the area of data protection and privacy.
This year, our testers again found an unchanged solid implementation, which repeatedly left little room for serious criticism and thus for the third time deservedly received our certificate “Approved Smart Home Product”.”
AV-TEST, April 2020
The detailed test report can be found at the AV-TEST website.
A lot of questions on data protection and data security naturally come up within our Nuki community. So we have asked Jürgen Pansy, Head of Tech and Nuki co-founder, to answer some of these FAQs about Smart Home security.
Have there ever been any significant security issues identified and resolved by independent testing procedures?
Jürgen Pansy: No. Neither independent external institutes – such as AV-TEST or Zillner IT-Security – nor various hackathons have ever identified any security-critical gaps.
In the past, some weak points related to Bluetooth have been discovered. However, Nuki was never affected. Why not?
Jürgen Pansy: The biggest issues were found in the standard Bluetooth encryption. Since we use our own encryption method at Nuki, we were not affected by these developments in the last years. As a result, we guaranteed maximum security at all times. When it comes to the Nuki Bridge the protocol is even based on SSL & WiFi encryption, whereas data is even multiply secured.
AV-TEST praises that Nuki uses customer data in an exceptionally sparing manner. What makes Nuki a role model and how does it differ from other manufacturers in handling data?
Jürgen Pansy: Nuki does not request any personal data for the use of its products. To put it simply: Where no data is collected, no data can be stolen. Furthermore, the Nuki system is GDPR compliant with servers in Germany, Central Europe.
What was the biggest challenge in creating the security concept for the Nuki Smart Lock?
Jürgen Pansy: It was a must-have criteria for us to offer a Nuki Smart Lock which is able to be operated individually as well as together with the Nuki Bridge and via various cloud services. Of course, we wanted it to offer maximum security in each of these specific configurations. At the same time it had to be easy to install and use. All these requirements included in a concept that offers a high level of security at the same was certainly the greatest challenge.
Do all the Nuki accessories meet the same security standards as the Smart Lock?
Jürgen Pansy: Yes, the Nuki Fob and Nuki Keypad have the same encryption protocol as the Nuki Apps. We have exposed and published this in our developer area.