With the Smart Door, Nuki, Austrian manufacturer of retrofittable access solutions, now also focuses on the new construction market. As the name suggests, the Smart Door is not an add-on Smart Lock, such as the Nuki Smart Lock 3.0, but an integrated solution that places the communication and locking unit directly into the door. The security of the other Nuki solutions, which has been certified by us several times, could also be confirmed for the latest access: Apart from a few minor points, our testers had very little to criticize.

In the area of mobile applications, experience has shown that there are always minor points that can be improved. However, these are always rather theoretical problems that can hardly be exploited in practice. The Nuki applications (tested in version 2022.3.1) also show a few of these points. However, it should be noted that these supposed vulnerabilities can only be exploited by an attacker if he has full control over the user’s phone anyway. For all practically relevant attack scenarios, the user does not have to worry – the Nuki app is absolutely adequately secured.

Trackers integrated into Android application; the Huawei tracker is new to the list

Apart from that, we noticed in this year’s analysis that an additional tracker from the Chinese market giant Huawei has been added to the Android app – which data is collected here and for what purpose is not completely clear, even with the help of the privacy policy. Nuki could increase the transparency by adding some details and certainly strengthen the trust of its users even more. Apart from that, the implementation of the privacy policy and the overall data-saving concept of the Nuki solutions are still exemplary.

For online remote control the Smart Door requires the already known Nuki Bridge with newest firmware installed

When communicating locally via Bluetooth or online via the Internet, we could not find any problems worth mentioning. The online communication of the Nuki Bridge (tested in firmware version 2.12.0) via the Secure Websocket protocol is adequately implemented, so that third-party intrusions are practically impossible. As far as local Bluetooth communication is concerned, everything is still implemented absolutely securely here as well: The Smart Door (tested in firmware version 1.3.2 Beta) is accessed and controlled via a completely encrypted communication identical to Nuki’s Smart Locks. Again, we tested a standard set of replay, spoofing and man-in-the-middle attacks and could not find any indications for potential manipulation possibilities.

Overall, the new Nuki Smart Door, like the manufacturer’s other products, convinced in all areas of our tests. Therefore, we are happy to award the certificate “Tested Smart Home Product” for the Nuki Smart Door.