IoT manufacturer caught fixing security holes

Re: Insurance

"My house insurance company would love me to install one of these 'smart' locks so they could refuse to pay me out in the event of a break in. The scumbags."

Sadly, I have to let light into my house - the wife insists on it - apparently plants die without light and anyway the place looks weird in permanent fluorescent lighting. So I now find that the rotters are getting in by smashing the glass. I fitted Pilkington's finest and they break in by bashing down the brickwork now. Bugger.

I can't imagine anything dafter than fitting one of these things to enhance the security of your home. OK not everyone can fit a portcullis but since I put mine in, I've never been burgled via the front door.

Re: Reflexive luddism

"I can actually see a plausible use case for these things"

Well don't leave us in suspense - what is it? Because I sure as hell can't see one. The usual use case for IoT is to do something remotely. I can't see any good reason for wanting to unlock your house remotely unless you're really so naive and trusting as to want to allow workmen in unsupervised.

Re: Reflexive luddism

They probably do have a use case. But not for "border" security. Within a building, for keeping the cleaner out of the executive drinks cabinet, or allowing fire escape from the clean room, but only allowing regular access and exit via the decontamination chambers. No - that latter has the "glass bolt" to compete against.

Re: Household insurance

BS3621 is the most popular standard known to most for locks on doors. To make any lock even sit up to this standard it has to have the ability to be dead locked and the key taken away from both sides so no one can gain access or exit the door with-out a key.

BS8621 is a new standard and not so popular to the masses, but has some distinct advantages for the domestic house and commercial applications. It has all the security benefits of the lock above save for the ability to get out without the use of a key. This is ideal where there are fire escapes or places where quick exit is required without the use of a key. Care must be taken when using this standard that windows or letter flaps are not in close proximity to the lock so someone can simply break a window and open the lock from outside.

BS10621 Is another standard that is even not as popular as BS8621. This standard allows for the same specs as above save now the lock from key manipulation from the outside can bypass escape functions of the lock from inside. This is ideal where say you are the last person out of the building and you are locking the building down. If someone breaks in through a window they cannot use the door as a means of escape where you could with BS8621.

So what do you get for your money with a BS3621 Locks

The lock should be able to resist attack from drilling the case of the lock for at least 5 minutes. Using standard tools.

The bolt must also resist attack for 5 minutes by cutting or drilling.

There must be a mechanism in place to resist manipulation (Picking) off the lock (Keyway curtain or shroud is what we call this in the trade).

The bolt must project at least 20mm into a full bodied steel keep when locked.

There must be at least 1000 differs to the range of locks. This is how many key shapes will differ between locks. If there is a street with 1001 front doors with all the same make and model of lock fitted then somewhere one key will fit two doors.

Also, key to the security is the impact on the locking bolt and a sidewards force of 10Kn is required before the lock fails.

Lets assume the door and frame is built stronger than the lock and that the door is lying flat on two pedestals. You would need at the very least 40 bags of potatoes pilled on top of each other before the lock would give way.

Judging by the design of the electronic catch side of the lock non would be passed by insurance companies.