Founded Year

2014

Stage

Series A | Alive

Total Raised

$26.24M

Last Raised

$23.55M | 1 yr ago

About Nuki

Nuki is a supplier of smart home solutions in Europe. The company aims to make access solutions smarter and physical keys irrelevant with the Nuki Smart Lock.

Nuki Headquarter Location

Münzgrabenstraße 92/4

Graz, 8010,

Austria

+43 316 22 84 09

Nuki's Product Videos

Predict your next investment

The CB Insights tech market intelligence platform analyzes millions of data points on venture capital, startups, patents , partnerships and news mentions to help you see tomorrow's opportunities, today.

Nuki's Products & Differentiation

See Nuki's products and how their products differentiate from alternatives and competitors

  • Nuki Smart Lock

    The Nuki Smart Lock 3.0 turns your smartphone into a smart key. The electronic door lock is installed over your existing lock cylinder from the inside in a matter of minutes and is not visible from the outside. With the free app (iOS/Android), you can open and close your door without a key. You can also create up to 200 permanent, time-limited or recurring virtual keys with the Nuki app. This means your family and friends, dog sitters and cleaning staff have access exactly when you want. It meets the highest possible security standards thanks to state-of-the-art encryption mechanisms. If required, you can remove your Nuki Smart Lock without leaving a trace, making it ideal for rental properties.

    Differentiation

    Can be easily retrofitted on the interior side of your door in just 3 minutes – no drilling or screwing required 

    Maximum security for your door lock thanks to the certified encryption concept 

  • Subscribe to see more

    We're on a mission to enable every organization to make smarter decisions about tech. Whether it's finding a new game-changing vendor or understanding a new market, it's easier, faster and smarter with CB Insights. All made possible by the smartest, hardest-working team in tech. Subscribe to see more.

    Differentiation

    We're on a mission to enable every organization to make smarter decisions about tech. Whether it's finding a new game-changing vendor or understanding a new market, it's easier, faster and smarter with CB Insights. All made possible by the smartest, hardest-working team in tech. Subscribe to see more.

  • Subscribe to see more

    We're on a mission to enable every organization to make smarter decisions about tech. Whether it's finding a new game-changing vendor or understanding a new market, it's easier, faster and smarter with CB Insights. All made possible by the smartest, hardest-working team in tech. Subscribe to see more.

    Differentiation

    We're on a mission to enable every organization to make smarter decisions about tech. Whether it's finding a new game-changing vendor or understanding a new market, it's easier, faster and smarter with CB Insights. All made possible by the smartest, hardest-working team in tech. Subscribe to see more.

  • Subscribe to see more

    We're on a mission to enable every organization to make smarter decisions about tech. Whether it's finding a new game-changing vendor or understanding a new market, it's easier, faster and smarter with CB Insights. All made possible by the smartest, hardest-working team in tech. Subscribe to see more.

    Differentiation

    We're on a mission to enable every organization to make smarter decisions about tech. Whether it's finding a new game-changing vendor or understanding a new market, it's easier, faster and smarter with CB Insights. All made possible by the smartest, hardest-working team in tech. Subscribe to see more.

  • Subscribe to see more

    We're on a mission to enable every organization to make smarter decisions about tech. Whether it's finding a new game-changing vendor or understanding a new market, it's easier, faster and smarter with CB Insights. All made possible by the smartest, hardest-working team in tech. Subscribe to see more.

    Differentiation

    We're on a mission to enable every organization to make smarter decisions about tech. Whether it's finding a new game-changing vendor or understanding a new market, it's easier, faster and smarter with CB Insights. All made possible by the smartest, hardest-working team in tech. Subscribe to see more.

Expert Collections containing Nuki

Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.

Nuki is included in 2 Expert Collections, including Smart Home & Consumer Electronics.

S

Smart Home & Consumer Electronics

1,165 items

This Collection includes companies developing smart home devices, wearables, home electronics, and other consumer electronics.

S

Smart Cities

1,205 items

Smart building tech covers energy management/HVAC tech, occupancy/security tech, connectivity/IoT tech, construction materials, robotics use in buildings, and the metaverse/virtual buildings.

Latest Nuki News

Critical Vulnerabilities Exposed Nuki Smart Locks to a Plethora of Attack Options

Jul 27, 2022

Researchers have identified as many as eleven critical vulnerabilities in different versions of Nuki Smart Locks. The IT security researchers at Manchester, England-based NCC Group have released a technical advisory explaining how Nuki Smart Locks were vulnerable to a plethora of attack possibilities. It is worth noting that Nuki Home Solutions is a Graz, Austria-based supplier of smart home solutions in Europe. Here is a detailed overview of the eleven flaws in Nuki’s locks. Lack of Certificate Validation on TLS Communications This flaw is tracked as CVE-2022-32509 and affects Nuki Smart Lock version 3.0. As per the NCC Group research, the company didn’t implement SSL/TLS certificate validation on its Smart lock and Bridge devices. Without SSL/TLS certificate validation, attackers can perform man-in-the-middle attacks and access network traffic sent through an encrypted channel. Stack Buffer Overflow Parsing JSON Responses Tracked as CVE-2022-32504 , this vulnerability affects Nuki Smart Lock 3.0. The issue can allow an attacker to get arbitrary code execution privilege on the device. The flaw is found in the code that implements the JSON objects parsing received from the SSE WebSocket, leading to a stack buffer overflow. Stack Buffer Overflow Parsing HTTP Parameters As per NCC Group’s technical writeup , the code responsible for overseeing the HTTP API parameter parsing logic causes a stack buffer overflow. It could be exploited to perform arbitrary code execution. This flaw is tracked as CVE-2022-32502 and was discovered in Nuki Bridge version 1. Broken Access Controls in the BLE Protocol The flaw is tracked as CVE-2022-32507 and affects Nuki Smart Lock 3.0. Research revealed that inadequate access control measures were used in the Bluetooth Low Energy Nuki API implementation, which could allow users to send out high-privilege commands to the Keyturner without being authorized for it. More Related Security Issues TAG Exposed via Test Points This flaw is classified as CVE-2022-32503 and impacts Nuki Keypad. The TAG Exposed issue exposed the JTAG hardware interfaces on the affected devices. Exploiting this flaw can allow an attacker to use the JTAG boundary scan feature to control code execution on the processor, debug the firmware, and read/alter the internal/external flash memory content. However, the attacker must have physical access to the circuit board to exploit the scan feature. Sensitive Information Sent Over an Unencrypted Channel This vulnerability is assigned CVE-2022-32510 and impacts Nuki Bridge version 1. The Bridge exposes the HTTP API using an unencrypted channel to access an administrative interface. The attacker can passively gather communication between the HTTP API and a client after accessing any device connected to the local network. A malicious actor can conveniently impersonate a legit user and access the full set of API endpoints. WD Interfaces Exposed via Test Points Tracked as CVE-2022-32506 , the flaw exposed SWD hardware interfaces and was identified in Nuki smart lock 3.0. The attacker can use the SWD debug feature after having physical access to the circuit board, control the processor’s code execution, and debug the firmware. SWD test points exposed (Image: Ncc Group) Denial of Service via Unauthenticated HTTP API Messages This flaw is classified as CVE-2022-32508 and impacts Nuki Bridge version 1. The flaw made devices vulnerable to denial of service (DoS) attacks if the attacker used specially crafted HTTP packets . Thus, impacting access to the Bridge and rendering the device unstable. Denial of Service via Unauthenticated BLE packets Tracked as CVE-2022-32505 , this flaw made the impacted devices vulnerable to DoS attack through specially crafted Bluetooth Low energy packets. This could affect Keyturner’s availability and make the device unstable. Most BLE characteristics were found to be vulnerable to this issue. Insecure Invite Keys Implementation This flaw impacts the Nuki Smart Lock app version 2.22.5.5 (661). The invite token created for identifying a user during an invitation process is used to encrypt/decrypt the invite keys on the Nuki servers. A threat actor can easily take full control of the servers through this flaw and leak sensitive data. Opener Name Could Be Overwritten Without Authentication The Nuki Opener is impacted by this vulnerability that emerged from an insecure Opener Bluetooth Low energy implementation, allowing malicious actors to change the BLE device name. The device allowed an unauthenticated attacker to change the BLE device name. Current status The NCC Group informed Nuki about these flaws on 20th April 2022, and the company quickly responded. On 6th May 2022, Nuki contacted NCC Group regarding the progress on fixes. On 9th June 2022, patches were released for all vulnerabilities, after which NCC Group released a technical advisory.

Nuki Web Traffic

Rank
Page Views per User (PVPU)
Page Views per Million (PVPM)
Reach per Million (RPM)
CBI Logo

Nuki Rank

  • When was Nuki founded?

    Nuki was founded in 2014.

  • Where is Nuki's headquarters?

    Nuki's headquarters is located at Münzgrabenstraße 92/4, Graz.

  • What is Nuki's latest funding round?

    Nuki's latest funding round is Series A.

  • How much did Nuki raise?

    Nuki raised a total of $26.24M.

  • Who are the investors of Nuki?

    Investors of Nuki include Up to Eleven, Venta Group, Allegion, Cipio Partners, Fortuna Group and 5 more.

  • Who are Nuki's competitors?

    Competitors of Nuki include Level Home and 5 more.

  • What products does Nuki offer?

    Nuki's products include Nuki Smart Lock and 4 more.

You May Also Like

P
PassiveBolt

PassiveBolt offers smart door locks and smart lock mechatronic modules.

Level Home Logo
Level Home

Level Home provides solutions for the smart, connected home. Its Level Lock is a smart lock that transforms an existing lock into a smart lock in minutes, allowing consumers to preserve the design of their homes.

Cloudastructure Logo
Cloudastructure

Cloudastructure delivers cloud-controlled infrastructure to provide Integrated Building Automation Solutions for Video Monitoring and Surveillance as a Service (VSaaS), Door Access Controls as a Service (ACaaS) , as well as integration with sensors to support specific Internet of Things (IoT) initiatives. The company was founded in 2003 and is based in San Mateo, California.

B
Blue Zoo

Blue Zoo measures real-time foot traffic by using mobile phone signals as a proxy for people - while respecting consumer privacy.

Alcatraz AI Logo
Alcatraz AI

Alcatraz uses real-time 3D facial mapping and neural networks to automatically enroll an individual based on any current access control method. Entry is granted based on secure facial recognition with instant one-factor authentication for multi-person in-the-flow sensing.

Bastille Networks Logo
Bastille Networks

Bastille Networks completely secures the IoT on corporate campuses by identifying airborne threats and allowing for preemptive response. Through its software and sensor technology, Bastille safely and privately scans a corporation's air space, giving security personnel visibility into every RF-emitting device on a premise. As a result, companies can accurately quantify risk and mitigate threats.

Discover the right solution for your team

The CB Insights tech market intelligence platform analyzes millions of data points on vendors, products, partnerships, and patents to help your team find their next technology solution.

Request a demo

CBI websites generally use certain cookies to enable better interactions with our sites and services. Use of these cookies, which may be stored on your device, permits us to improve and customize your experience. You can read more about your cookie choices at our privacy policy here. By continuing to use this site you are consenting to these choices.