Security Experts:

Connect with us

Hi, what are you looking for?



FTC Settles With Canadian Smart Lock Maker Over Security Practices

The Federal Trade Commission (FTC) has approved a settlement with Canadian smart lock maker Tapplock, which allegedly falsely claimed that its devices were designed to be “unbreakable.”

The Federal Trade Commission (FTC) has approved a settlement with Canadian smart lock maker Tapplock, which allegedly falsely claimed that its devices were designed to be “unbreakable.”

Toronto-based Tapplock, Inc. is an Internet of Things (IoT) technology company that provides smart security solutions for both business and end-users alike. It sells Internet-connected smart fingerprint padlocks that interact with users’ mobile devices when within Bluetooth range.

According to the FTC, although the company advertises its locks as highly secure, these devices are not secure. Moreover, the commission claims that Tapplock hasn’t taken reasonable precautions, and failed to follow industry best practices and keep collected consumer data secure.

Personal information collected by the Tapplock app includes usernames, email addresses, profile photos, and the smart lock’s precise location.

Security researchers have identified both physical and electronic vulnerabilities in Tapplock’s devices, allowing easy access to attackers. Moreover, users cannot effectively revoke access to their locks and the account authentication process can be bypassed, resulting in leaked personal information.

In its complaint, the FTC also alleges that Tapplock failed to take the necessary measures that would have helped it identify electronic vulnerabilities in its locks.

Last week, the agency approved a settlement initially announced in April. The settlement requires Tapplock to implement a security program and prohibits the company from misrepresenting its privacy and security practices.

Furthermore, the IoT provider is required to subject its information security program to third-party assessments every two years, and the commission has authority to approve the assessor for each two-year period.

“After receiving no comments, the Commission voted 5-0 to finalize the settlement,” the FTC announced.

Related: Massachusetts, Indiana Settle With Equifax Over 2017 Data Breach

Related: InfoTrax Settles With FTC Over Data Breach

Related: Tech Companies Partner to Securely Connect IoT to Cloud

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...