The Austrian manufacturer Nuki has been putting its popular Smart Lock solutions through our certification tests for years, underlining its commitment to further improving Nuki products and keeping them secure and up to date. We tested the first version of the then relatively new Smart Lock back in 2017. Since then, versions 2.0 and 3.0, the Opener and the Nuki Smart Door have also gone through our certification process, confirming the consistently high level of security year after year. At the beginning of 2024, we now had the opportunity to take a close look at the new version 4.0.
A major innovation in version 4.0 compared to its predecessors is certainly the newly implemented compatibility with “Matter”. For those who are not yet familiar with it, Matter is an open smart home standard that aims to improve interoperability between different devices and platforms. Originally launched as “Project Connected Home over IP” (Project CHIP), Matter was supported by leading technology companies such as Apple, Google, Amazon and also Nuki. The aim is to create a common language for smart home devices to enable seamless integration and interaction between different brands and platforms. Matter is based on open standards such as IP (Internet Protocol), Ethernet and Thread to ensure broad compatibility and long-term sustainability in the connected home. The initiative aims to increase user-friendliness and focus on data protection and security standards in smart home technology. By supporting the standard, Nuki is making its Smart Lock fit for the future, ensuring long-term compatibility even if the user’s Smart Home ecosystem changes and guaranteeing that the product will be secure to operate in the years to come.
Apart from this innovation, we have of course, as usual, analyzed all relevant security aspects of the new version and evaluated them according to our constantly increasing requirements for the certificate.
In the static analysis of the device itself, the new lock did not reveal any indications of an exploitable vulnerability, be it via local or online communication. As with its predecessor, securely implemented Bluetooth communication is used for local communication and a secure WebSocket connection tunneled via TLS for remote control. As always, we have gone to great lengths to construct a promising attack from an attacker’s perspective. However, as long as you stay within practically relevant scenarios, you do not really stand a chance here. Communication security must still be regarded as absolutely adequate. Even if a security analysis of the new Matter standard was of course not part of the certification test, no new vulnerabilities are to be expected because of it. The open design of the standard and the involvement of so many well-known companies in the implementation and assessment mean that a very high level of security can be expected.
The mobile applications (Android io.nuki v2023.12.1 and iOS io.nuki.ios v2023.11.3), which have now also been tested several times, do not have any significant or newly introduced vulnerabilities this year either and are still cleanly designed and implemented and show steady improvement. Of course, there are places here and there where the concept could be further improved, but these are practically always there and everything we can say here falls into the category of “complaining at a high level”.
Overall, the 4th version of the Nuki Smart Lock achieves what its predecessors did several times without any problems: a successful completion of the AV-TEST certification process. As in previous years, there were no serious shortcomings in any of the relevant test areas and version 4.0 of the smart door lock has once again been awarded the “Approved IoT Product” certificate. Congratulations!