IoT - where the S really is for Security
I don't recall who or where (apart from being a thread here) this was posted originally, but it's worth repeating
Hardware biz Lockstate has managed to brick hundreds of internet-connected so-called smart locks on people's front doors with a bad firmware update. The upshot is you can't use the built-in keypad on the devices to unlock the door. Lockstate's smart locks are popular among Airbnb hosts as it allows them to give guests an entry …
Well, it looks like no one can use the lock now, so I guess it's even more secure than a normal keyed lockset?
A physical button to revert the lock to a "safe mode" where remote/bluetooth functionality is disabled, but keypad access is still allowed would seem to be a prudent guard against this type of thing. But switches are expensive; some places have the nerve to charge you as much as $0.50.
"A physical button to revert the lock to a "safe mode" where remote/bluetooth functionality is disabled, but keypad access is still allowed would seem to be a prudent guard against this type of thing. But switches are expensive; some places have the nerve to charge you as much as $0.50."
Where would this button be placed and how would it work?
It can't be on the inside because the problem is the keypad doesn't work and the Airbnb tenant doesn't have a physical key.
It could be on the outside but then anyone can walk up, press the button and the property owner is prevented from gaining remote access.
@2+2=5: It can't be on the inside because the problem is the keypad doesn't work and the Airbnb tenant doesn't have a physical key.
I assume the tenants would call the owner who does have a physical key to get inside. Or even to partially dismantle the lock with a set of physical tools to get to the reset switch.
Have you ever watched a hotel employee opening a room safe left locked by a previous guest?
@ T. F. M. Reader
If the owner has to turn up with the key then the 'reset button' might just as well be taking the batteries out for a couple of minutes. I inferred from the article that a consequence of the bug is that an affected property owner has to be physically present to fix things. The button suggestion from 'vir' doesn't solve this problem.
"an affected property owner has to be physically present to fix things. "
The property owners surely still have the option of doing what absentee landlords in the holiday let business have done for decades, at least until AirBnB and the IoT in general "disrupted" things: pay someone local to the property to look after the property in the absence of the owners.
Anyone see a big problem with that?
It would also allow any entrant to disable the electronic lock for everyone else by giving it a reset. Not so good either.
That said, it's not the kind of lock I'd ever want on my premises - I'm not even sure you can get insurance if your locks are basically controlled by an untrusted 3rd party (the lock supplier who holds the central account). I can see why some may like it but my needs lie a bit higher, to the point where I had to choose between Assa Abloy disc based locks or EVVA Triple K - at which point I found a Youtube video about someone picking the EVVA one. Grr.
"if your locks are basically controlled by an untrusted 3rd party (the lock supplier who holds the central account)"
"The crashed locks – which connect to your home Wi-Fi for remote control and monitoring as well as firmware updates – are now going to be out of action for at least a week."
Doesn't read as 'a third party controlling the lock', unless pushing (b0rked) firmware updates counts as such too.
I suppose you could have it on the inside; as you said, if you're on the outside and the lock installs a bad update, you're out of luck. If the lock is anything like the August one I used to use (don't shoot!), it updates via a user command on the app, not over WiFi and not automatically. In this scenario, the app could tell you to make sure you're inside before initiating the install. Just a thought; I don't design smart locks so you're safe for the time being.
"Where would this button be placed and how would it work?"
It could be incorporated into the key lock mechanism actuated by the use of a 'special key' which is longer and reaches deeper into the lock cylinder to activate the switch. A 'standard key' being shorter, does not trip the switch.
A mistake was made.
Instead of faffing around with the usual "only a small number of customers was affected", the company responsibly owned up to the blunder, contacted the affected users (meaning the company knows who was affected), offered two means of repair/replacement and foots the bill in either case.
That points to a seriously well-organized company that is probably intent on keeping its customers and showing how professional it can be in handling issues.
From where I stand, although I have no use for their product, I do appreciate how they are dealing with the situation and wish that more examples of that behavior were available.
Yep. Compare their behaviour with a company like TalkTalk. Whilst it's a cock-up, and undoubtedly a PITA to the affected customers, the company's response seems professional and pro-active. They responded quickly, reached out to customers proactively, set up a dedicated email address for customers to contact them with and arranged compensation.
The company is also a supporter of Net Neutrality. In all, they seem a good company.
"That points to a seriously well-organized company that is probably intent on keeping its customers and showing how professional it can be in handling issues."
No. If it really cared it wouldn't leave the lock unusable for days or even weeks. It would have paid for a local locksmith to provide a same-day service to replace each customer's lock with some temporary arrangement and then replace that in due course with the official replacement - if the customer still wanted the official replacement.
Owning up to the mistake is not customer service. Even fixing it in the way they have is not customer service. Customer service is ensuring that the inconvenience to the customer is minimised.
"No. If it really cared it wouldn't leave the lock unusable for days or even weeks. It would have paid for a local locksmith to provide a same-day service to replace each customer's lock with some temporary arrangement and then replace that in due course with the official replacement - if the customer still wanted the official replacement."
I doubt a local locksmith would have a unit similar to the ones knackered by the update, and a temporary replacement would therefore likely be just some common conventional lock. The lock is still functioning as a conventional lock anyway, and given that the company is willing to send out a replacement first, you're not gaining anything by having a locksmith putting a temporary lock in. With only a short window where you have your AirBNB guests holding a physical key (the replacement lock will have a different one), I don't see that as a huge problem, and if you, as an AirBNB host, see that differently, then by all means arrange for that yourself.
"a temporary replacement would therefore likely be just some common conventional lock. The lock is still functioning as a conventional lock anyway"
One of the issues cited was giving the physical key to the AirBNB customer. If a conventional lock is fitted once the repaired original is in place the conventional lock can be removed and the physical key for that ceases to be of concern to the owner.
"With only a short window"
That's 5 to 7 working days. Add in up to 4 calendar days to cover weekends, i.e. up to 11 days elapsed time. If you think that's short then you have a point but maybe their customers wouldn't agree with you.
"If a conventional lock is fitted once the repaired original is in place the conventional lock can be removed and the physical key for that ceases to be of concern to the owner."
You get a new one sent out to you, with a different key. Once that one is fitted, the keys for the original lock, and any copies thereof, cease to be of concern to the owner.
I haven't used AirBNB myself, but someone who has told me they did receive a physical key (of a type that you'd need an owner certificate for to show a locksmith if you wanted a copy made, so at least a bit of a hurdle regarding copying) that would open the front door and their apartment, with a deposit as collateral. I don't see why that wouldn't work for those two weeks until you received the replacement.
Not watertight, but then neither would an IoT lock.
..... "If you think that's short then you have a point but maybe their customers wouldn't agree with you."
To me this is vastly simpler and easier than having to go back and forth with the manufacturer getting them to source a locksmith in the location the lock is fitted, then arranging a mutually convenient time for the locksmith to attend. This is going to take time as the locksmith will probably want paying in advance as the job is being done for a third party. After that I have to be at the property for him to arrive to fit a replacement which hopefully doesn't need too many new holes drilling in the door! And then after that another site visit is required to swap out the temporary replacement.
To avoid that degree of hassle I, and I suspect many of their customers, would find an 11 day turnaround time quite acceptable and probably much quicker than getting a locksmith involved.
All smart locks are supposed to be about convenience, not security as burglars always search out the weakest point of entry. However, once the front door's deadbolt of any residence is placed on the WWW, it instantly becomes a hacker magnet waiting to happen. Just google "DEF CON 2016" and read just how easily these hackers hacked smart locks and smart homes.
"So why is a locksmith needed as this is exactly what the smart lock became after it was bricked by the bad firmware?"
The whole selling point of this (apart from being a cool IoT cloud thingy) is that the property owners don't want to give out the physical key. Unless a temporary lock is fitted, for which the key can be considered disposable when the original is refitted, then this is just what they have to do. If the repaired lock doesn't also have a change of physical key, their $469 has been wasted.
"That points to a seriously well-organized company that is probably intent on keeping its customers and showing how professional it can be in handling issues."
Commendable though that may be, does it not strike anyone as odd that shipping the affected lock back, getting it reprogrammed then shipping back to the customer will take 5-7 days but shipping a new replacement in advance of returning the failed lock takes over three weeks?
I wonder what happens when the customer ships the faulty lock back for reprogramming? Is there a module they send back, leaving the manual part of the lock in place or do they need to fit a standard lock in the meantime?
"shipping a new replacement in advance of returning the failed lock takes over three weeks?"
How long does it take for a containerload of Chinese tat to be ordered, manufactured, shipped to customer warehouse, clear customs at the destination, be rebranded with brand-specific badges and reconfigured to an end-user-ready state, and be delivered ready to use?
Three weeks sound about right? Maybe a little longer?
"getting it reprogrammed then shipping back to the customer will take 5-7 days but shipping a new replacement in advance of returning the failed lock takes over three weeks"
Not really - in the first case, they don't have to replace the unit, just reprogramme it. In the second case, they have to manufacture a new unit (because I very much doubt that they have enough in stock to replace all the borked units) and then ship it out.
And (in general) making new stuff takes longer than reprogramming old stuff.
Agreed. It's not hard to have the firmware file(s) identify what models the update is valid for & have the existing firmware not run the update unless the intended model matches the physical model. All IoT crap should do such checks from the get go.
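The check the comment above describes, sketched as an added example (not part of the original thread and not Lockstate's code): the running firmware refuses an image unless its header names this device's model and the payload passes an integrity check. The header layout, magic value and model ids are assumptions made up for illustration.

```c
/* Added example: hypothetical 16-byte header, not any vendor's real format. */
#include <stddef.h>
#include <stdint.h>
#define FW_MAGIC   0x4C4F434BU  /* constructed value */
#define FW_HDR_LEN 16U
enum fw_result { FW_OK, FW_TOO_SHORT, FW_BAD_MAGIC, FW_WRONG_MODEL,
                 FW_BAD_LENGTH, FW_BAD_CRC };

static uint32_t rd32(const uint8_t *p)            /* little-endian read */
{
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v)          /* little-endian write */
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static uint32_t fw_crc32(const uint8_t *d, size_t n)  /* bitwise CRC-32 */
{
    uint32_t c = 0xFFFFFFFFU;
    for (size_t i = 0; i < n; i++) {
        c ^= d[i];
        for (int b = 0; b < 8; b++)
            c = (c >> 1) ^ (0xEDB88320U & (0U - (c & 1U)));
    }
    return ~c;
}
/* Build side: header = magic | target model | payload length | payload CRC. */
size_t fw_build(uint8_t *out, uint32_t model, const uint8_t *pl, size_t n)
{
    wr32(out, FW_MAGIC);        wr32(out + 4, model);
    wr32(out + 8, (uint32_t)n); wr32(out + 12, fw_crc32(pl, n));
    for (size_t i = 0; i < n; i++) out[FW_HDR_LEN + i] = pl[i];
    return FW_HDR_LEN + n;
}
/* Device side: run by the current firmware before any flash write. */
enum fw_result fw_check(const uint8_t *img, size_t len, uint32_t my_model)
{
    if (img == NULL || len < FW_HDR_LEN)   return FW_TOO_SHORT;
    if (rd32(img) != FW_MAGIC)             return FW_BAD_MAGIC;
    if (rd32(img + 4) != my_model)         return FW_WRONG_MODEL;
    if (rd32(img + 8) != len - FW_HDR_LEN) return FW_BAD_LENGTH;
    if (rd32(img + 12) != fw_crc32(img + FW_HDR_LEN, len - FW_HDR_LEN))
        return FW_BAD_CRC;
    return FW_OK;
}

/* Constructed demo: image for image_model offered to a device_model lock. */
enum fw_result fw_demo(uint32_t image_model, uint32_t device_model, int corrupt)
{
    static const uint8_t pl[] = { 0xDE, 0xAD, 0xBE, 0xEF };  /* sample payload */
    uint8_t img[FW_HDR_LEN + sizeof pl];
    size_t len = fw_build(img, image_model, pl, sizeof pl);
    if (corrupt) img[len - 1] ^= 0xFF;   /* flip bits in the last payload byte */
    return fw_check(img, len, device_model);
}
```

A CRC only catches accidental corruption or truncation; it does not authenticate the image, so it complements a signature check and does not replace one.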
knocks my "Idiots or Twonks" into a cocked hat.
Seriously, this should be essential reading (and comprehension) for anyone thinking of buying this sort of crap.
I know that soon everything is supposed to be 'connected' but why?
I'd expect the Home and Contents insurers to start loading premiums for people who secure their homes with this stuff.
Then there are the Adverts for Alexa that tell it to use Hive to do something.
How secure will that be if all it takes is for someone to shout through the letterbox, "Alexa open the front door for me please"?
Madness (welcome to the house of fun) and it won't end well.
At least my home won't have any of this crap for the foreseeable future.
I recently bought a Linksys EA7500 WiFi access point/router. The only easy way to set up this device is to subscribe to the Linksys "cloud" so that ALL CONFIGURATION is done via the Linksys cloud account.
*
This is so that "you can manage your router using your smart phone from anywhere on the planet".
*
So your home LAN is open to hacking from "anywhere on the planet"......REALLY?
*
It took a day and a lot of research to find out how to configure the device in the old fashioned way -- using a laptop and a CAT5 cable (and NO INTERNET ACCESS).
*
In the future it may be impossible to manage a computer-based device without "the cloud" -- if idiots like Linksys have their way.
*
Yup.......lovely!!!!
"The only easy way to set up this device is to subscribe to the Linksys "cloud" so that ALL CONFIGURATION is done via the Linksys cloud account."
To be fair, this sort of thing started because of NAT and the difficulty of creating universal and easy set-up for IT illiterate users. Then the marketing people realised the potential for user lock-in and subscription services so even with universal adoption of IPv6, we'll never get back to the direct connect methods now. "$x as a Service" is here to stay. After all, it's risky enough that the company providing the service and "cloud" server might go bust, but there's also the risk Google might buy them up and shut them down anyway.
Linksys EA7500
OpenWRT supports the EA8500, I think ... well, this page seems to infer that, at work, no time to read it all ...
https://wiki.openwrt.org/toh/linksys/linksys_ea8500
Punters, next time you buy a router/wifi access point, check out OpenWRT support -> All major router purveyors have had security blunders like root/root accounts, telnet access via "magical link" etc ... don't trust them, trust yourself, get OpenWRT!
Not at all.
I think this thing (it's a front door lock) is obscenely over priced for what it does, simply for the novelty of how it does it.
Crap can always be over priced for what it does (Google JML products for a company that sells nothing but such items).
For that kind of money I'm pretty sure you can get a very heavy door, with piano hinges and a high security multi bolt lock to go with it.
"Google JML products for a company that sells nothing but such items"
Don't you dare be so rude about one of Tony Blair's biggest financial backers:
http://www.telegraph.co.uk/finance/newsbysector/retailandconsumer/10310722/Rich-private-school-Oxford.-Meet-John-Mills-Labours-biggest-donor.html
where you can read this familiar sounding excuse:
“If you sell 50m units of something or other you just can’t avoid some mistakes,” he says “There’s no defence. In that particular incident, the products were supplying hadn’t been finished properly and we had no way of knowing.”
Sadly for Mr Mills, Trading Standards found a way of knowing.
Sadly for the rest of us, Trading Standards didn't put him out of business. They rarely have the power (or funds) to do anything about people like that.
"For that kind of money I'm pretty sure you can get a very heavy door, with piano hinges and a high security multi bolt lock to go with it."
A few days ago I was in a hardware store in Germany, and one of the things they had on sale was a burglary/vandalism resistant front door (including hinges, frame and five-point lock), for roughly double that price.
"I'd expect the Home and Contents insurers to start loading premiums for people who secure their homes with this stuff."
I'd expect the opposite. To the insurers, IoT = electronic = equals security = better so anyone NOT using this type of kit will see their premiums increased. As was predicted here by many, the insurers "black box" for young drivers to monitor their quality of driving to reduce premiums is now being advertised as a benefit to all drivers. Before long they will be standard and drivers without them will pay much more for choosing not to be tracked and watched by big brother.
Internet connected tat is NOT GOOD, m'kay?
When large corporations (who supposedly have staff who specialize in keeping bad actors out of their systems) seem to get hacked regularly, putting one's door lock on the Internet seems a bit, well, stupid.
Do not connect anything to the Internet that doesn't really need to be connected to the Internet. And if you do connect it, expect it to get p0wned - in this case by the manufacturer.
It's a lock, fer the cryin out loud. I wonder why a door lock would need a software upgrade in the first place -- how complicated can the software be?
It would be interesting to see the list of bug fixes that the firmware upgrade was intended to address. Maybe the CPU in the lock is mining bitcoins for the company in its spare time, and they had to introduce new logic to deal with the recent bitcoin forking?
Perhaps it's to fix a bug, like entering 99999999999999999999999999 causes a buffer overflow and the door opens?
Nobody codes for reliability these days, nobody checks the code, just scribble a few lines, pretty print it and go down the pub for lunch and a beer or five. After lunch you return to the office and push the update out.