In May 2021, the French manufacturer Somfy plans to release its new product on the now widely diversified market of smart locks in Germany, Switzerland and more european countries. Already now, this “Door Keeper” smart lock has successfully undergone our extensive certification procedure. The following report will briefly explain how and in which points the smart lock scored.

Features

The “Door Keeper” solution, which is already available in France, essentially consists of the Door Keeper itself (tested by us in firmware version 4.1) mounted on the door and responsible for the locking operations, together with a gateway that handles control and/or communication via the Internet. The Door Keeper itself communicates with the gateway via Bluetooth LE. In addition to this basic setup, Somfy also offers an optional badge reader with keypad as well as RFID key fobs, cards and bracelets (MiFare Ultralight standard), with which access to the smart lock can be organized and realized. When on the move, the lock can be controlled or access rights edited via mobile apps for iOS and Android (“Somfy Keys”; tested in version 1.4.2).

Optional Badge Reader with Keypad

Local and online communication

For this point, we observed and analyzed all incoming and outgoing traffic of the gateway and the mobile applications and came to the result that no obvious vulnerabilities or potential weak points could be identified in regards to the communication via the Internet. The mobile applications as well as the gateway itself only communicate fully encrypted and adequately secured against all common standard attacks, such as man-in-the-middle attacks. The device scan on the gateway itself also did not reveal any indications of a possible misconfiguration or misimplementation.

As already mentioned, the Door Keeper lock itself locally only communicates via the Bluetooth LE protocol, which naturally has some weak points in its out-of-the-box configuration that manufacturers have to compensate for. But even in this area, no obvious weaknesses could be identified during the analysis.

Control via mobile applications

Privacy

In this area, we analyze the product and its corresponding mobile applications in regards to unnecessary data collection or user behavior analysis and check the privacy policy for GDPR-conformity. But also here, there is little to complain: The mobile apps only require the permissions needed for functionality and do not provide any obvious indications of excessive data collection. The general Somfy privacy policy linked in the store and apps is quite extensive, sufficiently detailed on all essential areas and also localized in multiple languages. It addresses all of the company’s products and services in detail, and therefore also covers the smart door lock together with the associated apps.

Verdict

The “Door Keeper” solution from the French manufacturer Somfy delivers a solid performance in all important areas. The few points of criticism that we identified during the analysis were responded to immediately and adequate solutions were implemented effectively. The smart door lock is thus on an absolutely solid security and data protection level and accordingly earns the AV-TEST certificate “Approved Smart Home Product”.