FTC: ‘Smart’ Locks Leak Personal Data

Tapplock smart lock

According to a recent report from the FTC, “smart locks” produced by Tapplock are leaking users’ personal information and not delivered the security they promise.

Ars Technica reports that a recent investigation by the FTC has discovered a smart padlock created by the Canadian firm Tapplock Inc., has a number of digital and physical vulnerabilities that leave users at risk.

The lock, which is shaped like a normal padlock but can be opened via the user’s fingerprint or a Bluetooth app, reportedly has a number of issues that have not been disclosed by manufacturers. In fact, the FTC alleges that Tapplock made a number of false claims and advertisements about the device.

“We allege that Tapplock promised that its Internet-connected locks were secure, but in fact the company failed to even test if that claim was true,” Andrew Smith, director of the FTC’s Bureau of Consumer Protection, said in a written statement. “Tech companies should remember the basics—when you promise security, you need to deliver security.”

Tapplock’s advertisements state that its flagship product the Tapplock One can store up to 500 user fingerprints and can be connected to an “unlimited” number of devices via an app. Tapplock also collects a great deal of personal information on users including usernames, email addresses, profile photos, location history, and the precise location of a user’s lock.

The complaint from the FTC states that Tapplock’s privacy policy promised, “we take reasonable precautions and follow industry best practices to make sure [personal information] is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.” But that in June of 2018 three separate security researchers identified “critical physical and electronic vulnerabilities” in the locks.

Read more about the FTC’s complaint at Ars Technica here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com


Please let us know if you're having issues with commenting.