Accreditation ensures the award-winning smart lock has passed the most stringent industry testing for physical and digital security
Protection against electromagnetic interference, cyber-attacks and data hacking are just some of the stringent tests passed by Ultion Nuki smart locks to achieve the British Standards Institution (BSI) Kitemark™ for the Internet of Things.
While BSI testing procedures are a closely guarded secret, Ultion can reveal some of the hurdles it had to overcome to achieve the respected accreditation, which even included production line inspections to ensure the manufacturing process is secure.
Ultion Nuki locks sailed past testing for electromagnetic interference ensuring they remain secure and not hackable even if bombarded with radio waves and/or electromagnetic shocks.
Cyber security trials proved the locks protected against attacks and that any data intercepted to or from the devices were encrypted and couldn’t be deciphered. This included confirmation USB flash drives can’t be plugged in to access data or corrupt firmware.
Additionally, the BSI checked the software update process was watertight and even tried to load hacked firmware to confirm it would be rejected. Other tests included running batteries until flat to make sure the locks remain secure when reliant on mechanical operation only.
Aside from the locks themselves, the BSI was also required to attempt several attack methods on the Nuki app to confirm it would fend off hacking techniques, couldn’t be exploited, and its coding couldn’t be breached.
Among the mechanical resistance testing undertaken, Ultion Nuki locks were required to operate for 100,000 cycles as a mark of rock-solid build quality – the equivalent of being used seven times a day for 39 years.
The locks were challenged to operate at extreme temperatures ranging between -20°C and +60°C and at 95% relative humidity to confirm dramatic climatic changes would have no impact.
Physical attack resistance was also required to combat drilling, picking, bumping and snapping attacks. Snapping remains the most common way to breach a Euro Cylinder lock, with some standard locks able to be breached in just nine seconds.
Ultion is so sure its locks cannot be breached by snapping that it offers a £5,000 security guarantee should someone break in by doing so – a promise it has never had to pay out on.
Ultion Nuki smart locks – a result of a successful partnership between British security leader, Ultion, and Austrian tech brand, Nuki – were already among the world’s most secure smart home devices.
This is down to a combination of using durable materials 25% denser than iron, proprietary technologies such as Lockdown Mode™ triggering an extra layer of security when forced entry is detected, and the highest levels of AES encryption backed up by banking standard cryptography.
Nick Dutton, CEO of Ultion, says: “The BSI Kitemark™ for the Internet of Things was a considerable but ultimately important investment to give peace of mind to our customers knowing their home, belongings, and loved ones are protected.
“It means Ultion Nuki locks meet the highest security for both digital and physical security and quality standards online and offline. It also means the product will be continually tested to meet industry standards, and we’re proud that we have passed with flying colours.”
Pricing and availability
Ultion Nuki and Ultion Nuki Plus are available from Ultion and Amazon priced at £259 and £379 respectively with a range of accessories including a Wireless Fingerprint Keypad for even greater entry and locking options to make life that little bit easier.
About Ultion
The Ultion lock with Lockdown Mode™ first won over the demanding locksmith market in 2013. Exposing the fact that locks fitted to millions of UK homes could be breached in just nine seconds, along with a security guarantee, secured fenestration market success. Ultion’s innovative technology is recognised for delivering premium security and setting new standards. With usual lock standards requiring 100,000 cycles during testing, Ultion locks undergo 1.1m. Where weather tests require 240 hours, Ultion handles are tested for 8,056. Ultion is the uncompromising name people want fitted on their door.
Who are the BSI?
BSI (British Standard Institution) is the business standards company that helps organisations all over the world with testing and training, to ensure products and services that consumers purchase meet certain criteria of excellence. The BSI Kitemark is a symbol of trust, signifying that each product allowed to display the mark on the packaging, has gone through a serious of tests and achieved the highest standards. For over a century, the symbol has made it easier for consumers to recognise the mark of excellence and as such, make an informed choice.
What is the BSI Kitemark for IoT Devices?
To maintain the awarded Kitemark, products must also undergo ongoing rigorous and independent assessments to make sure the device functions and communicates as it should, and that it has the appropriate security protocols set in place. This includes functional and interoperability testing, further penetration testing and audits to review any necessary remedial action. If security levels and product quality are not maintained the BSI Kitemark will be revoked until any flaws are rectified.
BSI Kitemark scheme requirements?
- Achieve and maintain conformity to ISO 9001 (Quality management system)
- Have passed the:
- relevant product performance and safety tests
- interoperability tests between devices and the internet
- initial penetration tests which scans for vulnerabilities and security flaws
- Regular monitoring and assessment comprising
- functional/interoperability tests
- penetration tests
- Kitemark audit to review the penetration results in context of the product, and review what actions have been taken
Why is there a need for an IoT Kitemark?
The BSI chose to develop a kitemark specifically centred around IoT products due to the growing demand for connected products and the spread of these now available for consumers. There is a wide choice of such products in the market, from cheaper devices with limited functionality to more complex expensive products that connect and share information between each other and the wider network.
The rise of such devices means the rules and regulations around data transfer, security and functionality need to be more stringent. The idea of this Kitemark is to mark those products that have passed the set of rigorous tests to make it easier for consumers to recognise and make an informed choice. Devices with the IoT kitemark can then be visibly seen as trustworthy, safe and secure.
According to BSI*, it is estimated that every household in the UK owns at least 10 internet-connected devices, with this number expected to increase to 15 by 2020. At the same time, it is estimated that over a quarter of identified attacks will involve IoT devices, as recent high-profile breaches have demonstrated.