• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

FindBiometrics

FindBiometrics

Global Identity Management

  • Biometrics
    • What are Biometrics?
    • FAQ
    • Biometric Associations
    • Companies
    • Premier Partners
  • News
    • Featured Articles
    • Interviews
    • Thought Leadership
    • Podcasts
    • Webinars
    • Year in Review
  • Applications
    • Biometric Security
    • Border Control and Airport Biometrics
    • Consumer and Residential Biometrics
    • Financial Biometrics
    • Fingerprint & Biometric Locks
    • Healthcare Biometrics
    • Justice and Law Enforcement Biometrics
    • Logical Access Control Biometrics
    • Mobile Biometrics
    • Other Biometric Applications
    • Physical Access Control Biometrics
    • Biometric Time and Attendance
  • Solutions
    • Behavioral Biometrics
    • Biometric Sensors and Detectors
    • Facial Recognition
    • Biometric Fingerprint Readers
    • Hand Readers & Finger Scanners
    • Iris Recognition
    • Biometric Middleware and Software
    • Multimodal Biometrics
    • Physiological Biometrics
    • Smart Cards
    • Vein Recognition
    • Voice and Speech Recognition
  • Stocks
  • Events
  • Companies
  • Podcasts

FTC Complaint Details Security Deficiencies of Biometric Padlocks

April 13, 2020

The U.S. Federal Trade Commission (FTC) has formally censured Tapplock for its lax security practices and misleading marketing. Tapplock is best known as a maker of biometric padlocks. The IoT devices utilize fingerprint recognition, and can be paired with a smartphone app that allows users to open their Tapplocks once they are in Bluetooth range.     

Biometrics News - FTC Complaint Details Severe Tapplock Security Deficiencies

The crux of the FTC’s complaint is that the locks are not nearly as secure as advertised. Though Tapplock boasted that its products have an “unbreakable design,” FTC researchers found that the locks were in fact quite vulnerable, from both a hardware and a software perspective. For example, one researcher was able to open the lock simply by unscrewing the back panel.

There were also several gaping security flaws in the API Tapplock used for its app. Researchers were able to bypass authentication protocols to gain full access to every user account (and the personal information contained in them). To make matters worse, the data flow between the lock and the app was unencrypted, so researchers could generate new keys that would allow them to unlock any Tapplock device in the vicinity. A similar vulnerability made it nearly impossible to revoke access once it had been granted to another user.

Given the scope of the issues, the FTC’s complaint implies that Tapplock’s smart locks were so compromised that any attempt to market them as a reliable security product would be fundamentally misleading. The two sides have now reached a settlement that bans Tapplock from making such deceptive claims about its devices, and forces the company to implement a new security program. Tapplock will also have to submit to regular third-party assessments and receive annual certification for its products.

In the meantime, the FTC suggested that Tapplock could have avoided the problem if it had followed proper security protocols. The organization advises other companies to incorporate security and authentication into the design of their products at the earliest stages, and to test those products vigorously before releasing them to market

The original Tapplock was realized thanks to a $40,000 crowdfunding campaign in 2016. The company has placed a heavy focus on enterprise-level clients.

–

April 13, 2020 – by Eric Weiss

Related News

  • U-tec Releases New Deadbolt Lock With Fingerprint SensorU-tec Releases New Deadbolt Lock With Fingerprint Sensor
  • FPC Module Appears in Aran’s New Biometric PadlockFPC Module Appears in Aran’s New Biometric Padlock
  • Tapplock Brings New Fingerprint Lock Accessories to CESTapplock Brings New Fingerprint Lock Accessories to CES
  • Tapplock Brings Enterprise-Level Biometric Padlocks to ISC WestTapplock Brings Enterprise-Level Biometric Padlocks to ISC West
  • Hampton’s New Biometric BenjiLock is TSA-Approved for TravelHampton’s New Biometric BenjiLock is TSA-Approved for Travel
  • Tapplock Announces New Fingerprint Biometric Lock and MoreTapplock Announces New Fingerprint Biometric Lock and More

Filed Under: News Tagged With: Biometric, biometric locks, biometric padlocks, Biometric Security, biometrics, fingerprint recognition, FTC, FTC investigations, TappLock, US Federal Trade Commission

Primary Sidebar

Identity is Shaping Air Travel – Time to Invest

Sponsored Links

facetec logo

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

TECH5 logo

TECH5 is an international technology company founded by experts from the biometrics industry, which focuses on developing disruptive biometric and digital ID solutions through the application of AI and Machine Learning technologies.

TECH5 target markets include both Government and Private sectors with products powering Civil ID, Digital ID, as well as authentication solutions that deliver identity assurance for various use cases. 

Learn more: www.tech5.ai

Mobile ID World Logo

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs.

Recent Posts

  • Another Big BIPA Ruling, Paris Olympics Legislation, NEOM Airlines, and More: Identity News Digest
  • FacePhi Co-founds Social Impact Project With Spanish University, Investment Group
  • The NSA and CISA Highlight On-device Privacy: Identity News Digest
  • On-demand Webinar: Building a Passwordless World
  • Webinar: Building a Passwordless World with Prove’s Bill Fish

Biometric Associations

IBIA and fido

Tweets

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives
  • CCPA: Do not sell my personal info.

Follow Us

Copyright © 2023 FindBiometrics