After we had the Nuki Smart Lock 2.0 in our test lab for certification for the 4th time in May this year, the brand new version 3.0 of the smart, retrofittable door lock from Austria reached us as well. Like its predecessors, it went through the same extensive testing procedure in our labs, and just like its predecessor, all test areas were mastered with flying colors. Accordingly, the new product version continues the certification successes and receives the certificate “Approved Smart Home Product”.
In the static analysis of the device itself, the new lock revealed no indications of an exploitable vulnerability, whether via local nor via online communication. As with its predecessor, a secure WebSocket connection tunneled via TLS is used here, which is practically impossible to compromise. As always, we have done our best to construct a promising attack from an attacker’s perspective. However, as long as you stay in the realm of real life scenarios, you don’t really stand a chance here and have to conclude that the communication security still has to be considered absolutely adequate.
The mobile applications on Android (v2.9.0-beta) and iOS (v2.9 build 2117), which have also been tested several times in the meantime, do not have any significant or newly introduced vulnerabilities this year and are still cleanly designed and implemented. Of course, there are points here and there where the concept could be further hardened, but these are always present.
Overall, the 3rd version of the Nuki Smart Lock manages what its predecessor also managed several times without any problems: a successful completion of the AV-TEST certification process. As with its predecessor, there were no serious shortcomings in any of the relevant test areas, and the smart door lock deservedly receives the “Approved Smart Home Product” certificate in version 3.0 as well.