The best thing that can be said about IoT...
... is that it's very entertaining!
The security of Amazon.com’s Key door lock has again been called into question. The Key is a wireless-networked electrified lock designed to be temporarily disabled by delivery workers to drop off stuff at Amazon Prime members’ homes or businesses. Prime members receive the gear they ordered from Amazon without having to hang …
Smart people, if they want to use this "service", would use the Idiot of Things (IoT) lock on a box/cabinet/closet on their porch, rather than on a door into the house.
It's kind of odd that Amazon hasn't already marketed a cooler size bolt-down IoT lock box for the porch. Sell crap to have your crap delivered into.
That's not even the real scary part.
This lock is only usable by you+Amazon
The cleaning service, meal delivery, dog walking, repair person - can now only get access if they are an Amazon partner.
You just paid to make Amazon a monopoly provider of any service that needs access to your building.
I would just about consider something like this on my outside door, as I have a porch and an inner door.
So for my very specific use case, having something on the outer door like this wouldn't be such a security risk as I can still utilise a good old fashioned physical lock on the inner door.
That said...rely on any of these IoT locks for the only point of security? Hell no!
I recall locking myself out of the house by dint of closing the front door and realising my keys were in my other trousers. All the locksmiths in the online yellow pages seemed to be the same guy who repeatedly refused to come help. Fortunately my garage workshop was unlocked so, armed with some tools:
I used a chisel to lever off the strip of wood protecting the Yale lock.
I tried the TV one of the credit card to trip the lever but it was not strong enough.
So, a card scraper (metal oblong for smoothing wood with a hook on the edge). Strong enough but could not be pushed hard enough.
So, I banged it a bit with a hammer and hey! presto! I was in.
That was before we got a new front door with multipoint locking into a metal frame . . . Couldn't do that now. The polis don't even try for the locks on those with the ram, they go through the panels in the middle of the door.
Nobody came to investigate. View of the door is somewhat obscured by shrubbery but not entirely. However I am probably well known as a DIY sort of guy, in the summer I leave the door open on my workshop for the air for eg. So it would have been assumed I was fixing it.
First I heard of this sort of idea it was for a lockable box or you installed it inside the house in a side panel say and it had a one time code opening outer door and was large enough for most parcels and obviously a non accessible from the outside locking system on the inner door.
This is just asking for trouble, and a mask/hat wearing burglar.
A few years ago a male friend of our daughters was sitting in the middle of Dundee minding his own business when two neds came from behind him and apropos of nothing whacked him on the head. He woke up in the hospital. CCTV showed two hooded figures. To my knowledge they have never been apprehended.
This idea that cameras are the be all and end all of security is bogus.
So, a card scraper (metal oblong for smoothing wood with a hook on the edge). Strong enough but could not be pushed hard enough.
So, I banged it a bit with a hammer and hey! presto! I was in.
Couple of years back we had a temporary office with a temporary computer room next to it. Then someone decided that we were not to enter the computer room, despite us needing physical access to some of the systems therein. This they thought to achieve by installing a code lock on the door. However, it was easy to circumvent: the door turned outwards, and the hook on the serrated knife on the Leatherman Charge was exactly what one would need to flip the bolt.
It's like Star Trek : why use ball bearings when magnetic confinement is soo more high-tech ?
If I ever was stupid enough to splash dough on one of these pseudo-locks, there is one scenario in which I could find a use for it - but that would require more dough. Indeed, I would not replace my trusty mechanical security lock with that piece of tat for protecting my house and belongings, no. I would build a small shack good enough for housing a few Amazon boxes and put the tat lock on that. Delivery guy can put the box(es) in there, and if shitty lock does get hacked, well the only thing to take is the boxes.
Meanwhile, my house remains properly protected by an actual, honest-to-goodness, proven security lock. One that even works if there is no power for a week. Can you imagine ? A week !
"Sorry to bust your bubble, but do you know how easy to "bump" your (t)rusty mechanical lock?"
Yes, yes...mechanical locks can be compromised as can the doors to which they're attached. So no need to worry about how much easier it is to compromise an IoT lock.
I would like to have a lock that I can *open* from my phone.
Doesn't need anything IoT about it - it can all be locally handled... I just need a lock that is locked when power is off, but that I can cause to open by application of power.
Since most similar locks do the opposite (fail open on power failure for fire escape reasons)...
Some people do rather get carried away trying to shoehorn technology as a solution just 'cos, don't they?
I am reminded of a startup that wanted to help people that lost their house keys, by offering to 3D print a spare on demand,... so you'd have the b*llache of getting your key scanned, then waiting for them to print and drop off the crappy plastic key to your house. Assuming they were open, of course.
Or, you could, instead of getting your keys scanned, just get a couple of copies made, and leave one with a friend or relative, and perhaps tape one to an old loyalty card, and pop it in your wallet. That way, you aren't waiting for some neckbeard to fire up the Ultimaker.
"a startup that wanted to help people that lost their house keys"
Maybe I'm missing something, or this is the point you're making, but if I lose my house keys, how would I be able to let this company scan my key to get a copy printed at all?
The company might just be better off scanning keys into a database 'before' customers lost their keys!
No, I'd have a phone with a key taped to it.
In this case however it's for a garage door...
I'd like to be able to open it on approach, particularly in the event of rain.
When the remote opener on the door used to work it was rather nice to ride straight in without having to get off the bike, open the house, go in and trigger the door opener before coming back out again.
About to replace the door with something slightly less automatic, but I'd still like to be able to get the door to open for me, particularly when the weather is inclement.
I think you answered your own requirement there - a garage door opener, something that has been around for a long time and does the job it's designed for. Of course, those are still seriously lacking in security, but it does what you need in a way that doesn't require an IoT device.
You could even add your own device to it to open it across t'internet if you really wanted - plenty of Raspberry Pi / Arduino projects out there for that.
>> I think you answered your own requirement there - a garage door opener, something that has been around for a long time and does the job it's designed for. Of course, those are still seriously lacking in security, but it does what you need in a way that doesn't require an IoT device.
There is of course the slight issue that I'm replacing the door due to failure of said device - and the way in which I installed it wasn't particularly conducive to replacement (Oops)...
I am indeed looking for something that I can control via an RPi - as I said, no IoT connectivity wanted/needed. But I could of course access it over my own VPN.
I just need a lock that is locked when power is off,
Apartment buildings tend to have this; the simplest one is an electromagnet pulling on the day latch of what is apparently called a rim lock: a door lock that sits exposed on the inside of the front door. The loop on the handle of the lock in the picture is exactly for such a magnet.
You may want to add a switch sensing if the door is properly closed, and a mechanism to close the door if it isn't.
Since most similar locks do the opposite (fail open on power failure for fire escape reasons)...
All you need is any type of latch, and a magnetically controlled striker plate. The latch could be a cylinder rim night latch (often called a yale lock) or a regular door catch with no outside handle.
If the striker is configured to lock when not powered, then the latch will work just as though there is a fixed striker - just like a normal door latch. When electrically released, the flap can be pushed open allowing the latch to pass.
I think that would violate building codes in most places. There is, after all, a reason that all the commercially available ones fail open. It'd be fairly easy to build though. Just a simple always-locked, spring loaded, key operated bolt coupled with an electromagnet and an 8266 based micro-controller. You want to keep the key so you could still open it if you lost power.
That said I would never trust such a thing. If it sends some sort of signal (Bluetooth, RF, infrared, whatever) it can be captured and replicated. If it communicates over your WiFi network...Well I've never seen a consumer grade WiFi network that I'd consider secure enough to trust with the lock to my front door. Including mine, and the security on my WiFi network is downright paranoid by any rational standard.
I think that would violate building codes in most places. There is, after all, a reason that all the commercially available ones fail open.
The requirement is that people can get out, not that the door unlocks - there's a difference.
I have a flat in a block of four, with a door intercom and entry system. It has a striker plate like the one I posted a link to, and the flap on that is unlocked by the entry system to allow the door to be opened to visitors.
Occupiers can use a key from the outside to retract the latch bolt, or from the inside use the thumb turn to do it.
So the door can be released by releasing the striker plate, or by retracting the latch bolt manually - the latter not being affected by the striker plate failing locked.
Obviously to catch up with Google we can expect a smart neighbourhood soon...
It will....
Track the delivery driver turn by turn...
Run a background check on them...
Text them to hurry up...
Notify you when they run over the cat...
Lock the dog in the kennel...
Put the kettle on...and order more milk...
Open the door...
Put the telly on...
Notify them when the owner is on their way back...
Deploy the Roomba to clean up...
Lock the door, switch the lights off, play some music, and turn the heating up...
Post a 5 star review on Amazon
The creepiest sensation I ever had was when I was on travel last year and I entered a hotel room for the first time after checking in. I heard music emanating from the bedroom space. I thought maybe the front desk accidentally booked me into an occupied room. I approached cautiously and found the room to be empty, but the TV was on, playing the music and displaying a personalized message to me as a welcome from the hotel chain.
Shudder.
As both a lock picking hobbyist* and an IT security professional I don't trust smart locks. And considering just how poor 95% of all residential locks are in the US that's really saying something. Generally speaking any entry method that leaves a criminal on a standing porch for more than a minute - such as picking a lock - is only going to be used by people who don't have nefarious purposes. But smart locks, including not only this but every other smart lock design I've seen, can be opened by means that don't require a criminal to expose themselves for more than a few seconds.
*Yes, I pick locks for fun, but rule #1 is you never pick a lock that isn't yours without permission.
Amazon, in a statement, has downplayed the attack, saying its systems should be able to detect if a door is left unlocked for too long, and that delivery staff should check the front door is locked before leaving.
Just like they're not supposed to just leave the parcel on the doorstep in plain view?
The original purpose of a physical door lock is to keep out innocent but silly people.
Your key doesn't work? You're at the wrong house!
Not to defend amazon but their lock does exactly the same thing, you'll always struggle to keep out determined thieves / thugs, no matter how many security features you have on your house.
you'll always struggle to keep out determined thieves / thugs, no matter how many security features you have on your house.
That's not true. With enough time and money it's possible to make a house utterly impenetrable by anything less than explosives. A steel security door with a Protec2 lock on a double bolt - one bolt going into the floor and one into the top of the frame - would do the trick for the door. Then you'd have to replace the windows with some sort of unbreakable composite material. And make sure your siding can't be removed.
Ask any locksmith about this. Cheap locks keep honest people honest. Good locks keep criminals out.
1. My office (in an office block) had a "secure" door. The bad guys brought a chain saw and cut a huge hole in the (drywall constructed) wall BESIDE the door. They took anything that wasn't bolted down.
2. Should I mention T J Maxx, or Equifax, or any of the other organisations who have had millions of personal details stolen.
3. ...... could go on.....but won't.
Signed: Dinosaur
A previous place of work had this on 3 separate occasions....
They went through the roof, through the breeze block walls and finally through an armored fire exit after cutting the cctv and phone lines (security turn up... took a look around and didn't spot any so went home. Despite the premises being hit before and now not having any cctv or telephones... thus showing that given enough time and the average mind of security guards you can steal just about anything).
Anon because they know who they are. No need to rub it in.
Even a dumb criminal can quietly warp most door frames with a simple lever in 5 seconds or less, bypassing the locking mechanism entirely. Only slightly longer to use a car jack to take out security door frames. (They can lift vehicles weighing tons after all.) Not to mention windows, which can easily be broken silently if you know how. Or as even stated, attack the structure anywhere outside of the door frame where it will be much weaker. Homes are designed to keep weather and animals out, not people. Humans are tool users. Criminals don't return to the scene of the crime, so they aren't concerned about causing permanent damage. And if they have a getaway plan, they won't even care about making noise because they will be gone before police/security can respond, even if a security alarm goes off. So who cares if Amazon's IoT crapware is insecure? It'd take a lot more effort / time to attack their lock than it would to break in using traditional methods. The only person who might bother would be a security researcher. Too many other faster, easier, better alternatives to bother with hacking.
While I agree with the basis of the thought (it is along the same lines as my oft-repeated "criminals don't pick locks because it takes too long"), I disagree with the idea that we shouldn't strive for the best possible security.
There's no such thing as perfect security. Entry is always possible, even if it requires an angle grinder or C4. But if a criminal needs to fetch a car jack to warp the frame on your security door and can't break your Plexiglas windows, he'll move on to the next house and leave yours alone.
Just like picking locks, odds are anyone actually able to do this isn't trying to break into your house. However, just like any decent locksmith will tell you that you should invest in a lock with high pick resistance anyway, this is still a security hole that needs to be closed.
if door closes -> lock.
These doorlocks have a magnetic sensor to detect they are closed. So the moment you exit the door and mechanically close it the lock will sense the doorjamb and engage the locking pin. No need for RF, wifi, bluetooth or other wireless stuff.
My Samsung doorlock works that way. Close the door and it locks itself.