by thedanbob on 8/5/19, 8:10 PM
I’ve been getting into home automation recently and I’ve given myself a rule: nothing cloud connected. If I can’t run it off my local server, I don’t want it. I have much more motivation to secure my home than any company ever will.
by OrangeTux on 8/5/19, 8:16 PM
> DO NOT. Ever. Buy. A smart lock. You’re better off with the “dumb” ones with keys.
Well, physical locks are not necessary harder to pick lock than electronic locks. Buy your self a pick lock set, practice a bit and be amazed how many locks you can pick.
by floatingatoll on 8/5/19, 7:41 PM
Note that requiring a server account login before the user is allowed to manage a Bluetooth device is an explicit violation of the App Store Review Guidelines, so now that awareness is being drawn to this lock they may find themselves banned on iOS soon unless they fix it.
by balls187 on 8/5/19, 7:44 PM
Losing access to a lock is bad stuff. I went with a smart lock that has a physical key.
The article says don't buy a smart-lock, but the convenience of having one-time access codes, scheduled access, delivery access, and linked to a security camera make the downsides (increased attack vectors) something I'm willing to live with.
by gregable on 8/5/19, 8:33 PM
Locks are often fairly weak against real attackers.
I enjoyed this youtube video of another smart (fingerprint?) lock being broken due to a digital reset. It has a plastic panel on the front where the fingerprint reader is. If you remove the panel with a razor blade (it's just attached with glue), it even has a reset button exposed which resets the fingerprint. https://www.youtube.com/watch?v=uVvEkcN5tW8
by jedberg on 8/5/19, 8:28 PM
I'm a big fan of
electronic locks, but I refuse to have a smart lock. I know enough about IOT and security to know that a lock with a wifi chip might as well not be there at all.
I just program a few extra codes into the lock ahead of time, and if I need to let someone in in an emergency, I just give them one of my burner codes and delete it when I get home.
I don't really need a log of every entry because the camera pointed at my door already gives me one of those. :)
by JaggedNZ on 8/5/19, 8:48 PM
Doesn't this suggest that the unlock code comes from the "cloud" and not your phone/app?
So if you loose internet access you are not able to unlock? Or maybe it locally caches the key?
by one2zero on 8/5/19, 8:00 PM
If someone picks a "dumb lock" and steals all of your belongings, does the manufacturer have any liability? What if someone picks your "smart lock"?
by Damogran6 on 8/5/19, 8:51 PM
So pretty much 0% security success in every smart lock I've seen attacked. (I think I've seen 5 so far, every one had nuclear dumpster fire issues.)
by outworlder on 8/5/19, 9:29 PM
As a rule, hardware companies are crap at writing software. If the software is risky from a security standpoint, that's even worse.