Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

An open Aliro lock: your iPhone unlocks the door as you walk up

0
Medium
Security-newscybersecurityreddit
Published: 07/14/2026 (07/14/2026, 06:11:54 UTC)
Source: Reddit Cybersecurity

Description

The open Aliro lock project enables hands-free unlocking of doors using an iPhone or Apple Watch via secure Ultra Wideband (UWB) ranging and NFC tap without requiring an app or button press. The system uses Bluetooth LE for authentication and key agreement, with UWB providing distance measurement to unlock the door automatically when the authorized device approaches and relock when it leaves. The project is a personal hobby open-source firmware implementation running on Nordic nRF5340 hardware and Qorvo DW3110 UWB radio. It is not affiliated with any vendor and is provided as-is without warranty.

Reddit Discussion

r/cybersecurity·posted by u/asxeem
00

This might be taken down.

Your iPhone walks up, the door unlocks. No app, no button. An open Aliro lock with secure UWB ranging + NFC tap, running end-to-end on an nRF5340

https://github.com/asxeem/openaliro

Links cited in this discussion

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/14/2026, 06:17:30 UTC

Technical Analysis

OpenAliro is an open-source digital key lock system that uses secure UWB ranging combined with NFC tap and BLE authentication to unlock doors hands-free with an iPhone or Apple Watch. The lock firmware runs on Nordic nRF5340 and Qorvo DW3110 hardware, implementing the entire secure ranging stack in firmware without a dedicated UWB coprocessor. The system measures distance securely to prevent replay attacks and unlocks the door when the authorized device is in close proximity, relocking when it moves away. The project is a personal hobby and not an official product, provided under mixed licenses with no vendor affiliation or endorsement.

Potential Impact

This project demonstrates a functional hands-free smart lock system using secure UWB ranging and NFC tap. As a hobbyist open-source implementation, it does not represent a direct vulnerability or exploit in a commercial product. There is no indication of a security flaw or exploit in the lock itself. The impact is primarily informational, showing how secure proximity-based unlocking can be implemented. There are no known exploits in the wild and no affected commercial versions.

Mitigation Recommendations

This is an open-source hobby project without vendor support or official patches. There is no indication of a security vulnerability requiring mitigation. Users should not rely on this implementation for securing critical assets as it is provided as-is without warranty. For commercial deployments, use vendor-supported products with official security updates. No specific mitigation actions are required based on the available information.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Source Type
reddit
Subreddit
cybersecurity
Reddit Score
0
Discussion Level
minimal
Content Source
reddit_link_post
Post Type
link
Domain
null
Newsworthiness Assessment
{"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
Has External Source
true
Trusted Domain
false

Threat ID: 6a55d47468715ace43e0428f

Added to database: 07/14/2026, 06:17:24 UTC

Last enriched: 07/14/2026, 06:17:30 UTC

Last updated: 07/15/2026, 03:17:41 UTC

Views: 13

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses