Apple stores in the United States have started to sell exterior door locks for homes that can be unlocked using an iPhone or Apple Watch.
The Level Lock+, made by smart lock manufacturers Level Home, works in tandem with Apple Home Key and is the first lock that supports the key to be sold in Apple stores.
Preventing unauthorized entry to one's home or business premise is quite a different ball game to protecting, say, a social media account, and there are few analogs to quick, affordable security fixes like password managers available in the home security space. Buyers should be aware that security questions over smart locks and digital keys remain.
Apple Starts Selling Exterior Door Locks in Store
Available for $329, the Level Lock+ is the second smart lock to support Apple's key after the Schlage Encode Plus, and the first Apple Home Key-supported device to be sold in Apple stores.
When installed, users can simply tap the Apple Home Key on their door to gain access to their house, and even send the key to friends or family who need it.
As well as a Home Key, Apple has also launched a Car Key that unlocks a range of supported vehicles including BMWs and Hyundais, and Room Key, which functions similarly but for hotels, within the past year.
Is Apple’s Door Lock and Home Key Secure?
There are definitely some prima facie security risks associated with Smart locks and Apple’s Home Key. For one, if you lose your phone, you’ll have lost the key to your house too.
If someone finds a physical house key, it's near impossible to find out which house it unlocks. Conversely, your Apple Home Key is stored on your phone, which may also have your address contained somewhere within it.
This issue, however, can be alleviated if you enable Lost Mode through Apple’s “Find My” which will disable elements of Apple Wallet including Home Key. But this still requires the end user to take some steps they may not necessarily know how to, or take in time. Human error – as well as ignorance – is the genesis of many a cyberattack.
Another risk centers around the fact you can text a key to someone else. You could easily send the key to the wrong person, for example, and this will again rely on the end user to first realize they made a mistake and then take steps to rectify it.
WhatsApp scammers have had success over the past year or so in convincing unsuspecting parents that their children need money in “Hi Mum, Hi Dad” scams – there’s no reason a similar social engineering ploy could not be made with a key. “I’m in the area – can you let me into your house?” scams could just be around the corner.
All in all, storing a digital key on a device that is connected to the internet brings with it some security risks that naturally fail to arise with a physical key. If a threat actor manages to subsume control of your Apple device through one means or another, it's possible they'd be able to subsequently gain access to your home or other Apple-secured locations.
Such vulnerabilities aren't unheard of. Back in 2017, a vulnerability in iOS 11.2 allowed, in theory, “unauthorized control of accessories including smart locks and garage door openers” within the iOS HomeKit.
Other Security Issues With “Keyless” Locks
Unfortunately, other items with keyless locks don’t have the best security track record.
Many vehicles now support keyless locks, and criminals have been observed picking up the signals emitted by keyfobs on, say, a worktop inside a house, and then boosting the signal to within range of a target car using a small electronic device, and subsequently unlocking vehicles.
Tracker, a leading stolen vehicle recovery provider in the UK, reported that 94% of the stolen cars it recovered in 2021 were keyless.
The Relentless Smartification of Our Lives
The Level Lock+ is BHMA AAA certified and one of the most secure and durable keyless locks ever created.
If Apple has to sell a keyless smart lock, then it’s a good thing it’s this one – and of course, security risks come with whatever method you choose to secure your house or vehicle with. Physical locks can be picked, for instance, whilst Smart locks can’t be tampered with in the same way.
But turning a key digital, and storing it on a device connected to the internet, seems to introduce a whole world of new and arguably unnecessary security vulnerabilities for very little payoff.
The primary motivation behind the device is convenience, not security – and if that trade-off continues to be made with Smart devices, the consequences could be severe.