I woke up today to a notification saying SmartThings had unlocked my connected door lock at ~3:55am. After momentarily panicking and checking the house, I came to realize what had happened. Somehow, either the internet had gone offline, my router had restarted, or the SmartThings hub itself had. Whenever it came back online, it ‘detected’ the presence of my SmartThings arrival sensor and unlocked the door per my automation rule.
I’m still investigating, but if it was the internet, this means that all somebody has to do is unplug your uplink to the internet and plug it back in (often the ISP cables are just sitting outside your house), and if you have an arrival sensor, the door would unlock. Similarly, if it was the router/hub, if an attacker can temporarily cut your power, they can open the door. Obviously, this is a huge security risk. I believe my setup is correct also - I basically took the arrival sensor out of the box and set it up per the instructions.
Has anybody else experienced this? Any ideas on how to fix? I’m disabling the arrival sensor automation until I figure out what to do.
Thanks for reading.
PS Sorry if this is a known issue, I wanted to get it out there before I forgot.