Learn how AES-256, RSA asymmetric encryption and local storage keep our smart locks safe—straight from the manufacturer.
As sellers of smart locks we get one question more than any other: “Can this be hacked?”
Below is the transparent, engineering-level answer we give every prospective buyer—no marketing fluff, just facts and the exact steps we take to protect your home.
1. The Two Encryption Engines Inside Every Lock
- AES-256 (Symmetric)
– Same 256-bit key encrypts and decrypts.
– Used for real-time commands (unlock, lock, temporary codes).
– 14 rounds of substitution+permutation make brute-force attempts mathematically unrealistic with current computers . - RSA-2048 (Asymmetric)
– A one-time “handshake” protocol.
– Our lock generates a unique RSA key-pair during manufacturing.
– The private key never leaves the secure element inside the lock; only the public key is exposed to the app/cloud .
– Every session key is then derived via ECDH, so even if traffic is captured it cannot be replayed.
2. Local vs. Cloud Storage—Where Your Secrets Live
Local (Edge) Storage
✅ Private keys, biometric templates and access logs sit inside a CC-EAL5+ certified secure chip soldered to the PCB.
✅ Chip is write-only; no remote read command exists.
✅ Continues to work if the internet is down.
Cloud Storage (Optional)
✅ Only encrypted blobs live on our AWS-based cluster—no plaintext credentials.
✅ We use envelope encryption: each blob is AES-encrypted with a unique data key, and that key is RSA-wrapped with our cloud KMS.
✅ Result: a breach of the cloud server reveals nothing useful to an attacker .
3. Real-World Attack Scenarios We Test Against
- Replay attack – blocked by 60-second rotating tokens.
- Man-in-the-middle – blocked by mutual TLS + certificate pinning between app, cloud and lock.
- Firmware downgrade – prevented by signed firmware images (RSA signature verified by bootloader).
- Physical extraction – secure chip self-zeros if tamper mesh is breached.
4. What Users Can Do to Stay Safe (Yes, You Have Power)
- Use 12-character+ alphanumeric passcodes; never reuse old PINs.
- Enable two-factor authentication in the app.
- Accept OTA firmware updates—every patch ships with a published CVE list.
- Pair over Matter/Zigbee instead of open Wi-Fi when possible .
5. Bottom Line from the Sales Floor
No connected device is “unhackable,” but with AES-256 + RSA-2048, secure-element key storage, and strict local-first architecture, the cost of a successful attack exceeds the value of what’s behind the door. That’s the security standard we put our brand on—and the reason we offer a 5-year, no-questions-asked warranty.
