The Smart Lock Divide: Usability Advances, Security Gaps Persist
Consumer watchdogs from Beijing, Tianjin and Hebei have published a joint comparative test of 30 smart lock models from 20 brands. The findings, released on 17 April, reveal significant improvements in basic performance and user experience – but also expose worrying vulnerabilities in card cloning, data encryption and facial recognition spoofing.
A mixed picture: smarter, but not safer
The test shows the smart lock industry is not standing still. Compared with earlier generations, today's products have become noticeably more reliable, easier to install and more intuitive to use. Marketing claims have also become more aligned with reality.
As consumers demand seamless entry, remote management and multi-device integration, smart locks are evolving from simple security devices into gateways for the connected home. That has pushed brands to iterate rapidly on features.
But the results also deliver a sharp reminder: more intelligent does not automatically mean more secure. For a product that guards the front door, security remains the core value – not a checklist of gimmicks. The test found wide variation in protective capability across brands, particularly in areas that matter most against real-world intrusion risks. Progress in usability has not yet translated into universal gains in security.
The tri‑region investigation – led by the Beijing Consumers Association, Tianjin Consumers Association and Hebei Administration of Market Regulation – is more than a problem‑spotting exercise. It urges the industry to rethink its priorities. As the smart lock market shifts from growth to maturity, consumer attention is moving from does it have smart features? to are those features genuinely safe? The competitive battleground, the report suggests, is now returning to fundamental security engineering – not specs, looks or marketing hype.
Three critical security gaps exposed
1. Weak protection against IC card cloning
Of the 30 models tested, 19 came with IC card access. In 12 of those 19, a cloned card was able to unlock the lock. The finding points to flawed electronic key management and weak identity authentication. A user who wears their door card on a lanyard or leaves it briefly visible in a public space could be at risk of silent cloning and unauthorised entry.
2. Unencrypted data transmission
Among the 27 models with network connectivity, three transmitted user credentials and remote‑unlock commands in plain text – with no effective encryption. This is a high‑severity flaw: if a login token or control instruction is intercepted en route, it could lead to account compromise, illegal remote unlocking or wider privacy breaches. As smart locks increasingly join home networks and cloud platforms, cybersecurity can no longer be treated as an afterthought.
3. Facial recognition spoofed by a printed photo
Several face‑unlock models were fooled by a flat image taken with an infrared camera. For many consumers, facial recognition feels premium and advanced – and is often assumed to be more secure. But without robust liveness detection, that convenience becomes a fresh vulnerability. The test confirms that biometric features must be not just implemented but verified, anti‑spoof and attack‑resistant.
A return to security‑first competition
The greatest lesson from the comparative test is that the smart lock industry needs to change its development logic. For too long, competition has revolved around the number of unlocking methods, app functionality, design flourishes and marketing buzzwords – making products look smart. But long‑term consumer trust and sustainable growth rest on one foundation: genuine security.
Every added feature must be built on a base that truly locks, holds and defends. Without that, no amount of bells and whistles will earn lasting market confidence.
For manufacturers, this is not merely a technical fix – it is a shift in product philosophy. Future R&D must prioritise encryption, robust authentication, anti‑cloning design, liveness detection algorithms and holistic security architecture. These cannot be treated as optional add‑ons or marketing bullet points. Security must be the starting point of design, not a patch applied after launch.
At the same time, stronger standards, independent testing and third‑party oversight are needed to create clear, transparent security thresholds across the industry.
What consumers should look for
The test also offers practical buying advice:
For facial recognition: prefer models using 3D structured light or dual‑infrared stereo liveness detection – not simple camera‑based matching.
For card or network functions: check whether the product includes cloning protection and end‑to‑end encryption, rather than relying on brand claims or low prices.
As consumer awareness of these risks grows, that pressure will in turn push brands to close the gaps – driving the industry towards a new phase defined by genuine security and quality.