I’ve been getting into home automation recently and I’ve given myself a rule: nothing cloud connected. If I can’t run it off my local server, I don’t want it. I have much more motivation to secure my home than any company ever will.
Yup, totally agree. One thing I have found is that many of these devices use the venerable and cheap ESP8266 chip which is extraordinarily easy to hack. It can't really be factory flashed so the programming pins are almost always padded out on the PCB. So I get WeMo or cheap knock offs for example, and reflash 'em with my own code so it basically is only on my wifi network.
I can think of obvious reasons you'd want at least some devices cloud connected - for one, if some sort of disaster (fire, tornado, etc) hits your home, you probably want your surveillance getting off-site in realtime.
Exactly. I have hard time finding automated vacuum cleaner that doesnt connect to cloud, do you have some suggestion for vacuum cleaner that doesnt suffer on features?
> DO NOT. Ever. Buy. A smart lock. You’re better off with the “dumb” ones with keys.
Well, physical locks are not necessary harder to pick lock than electronic locks. Buy your self a pick lock set, practice a bit and be amazed how many locks you can pick.
The same rule applies to smart locks as applies to dumb locks: A lock does no more than keep an honest man, honest.
Any monkey can buy lock picks and pick a door lock. It's not hard. Generally if you buy a decent rake, it'll open most locks quickly. It's arguably much more work to hack the _smart_ side of a lock than it is to just pick the _dumb_ part.
The caveat here is that smart locks are often "picked" en masse - once you break one in a lab, you can immediately and silently do the same to the rest globally. This is similar to software hacking.
The guidance here should be to only purchase smart locks from vendors that you can trust to patch zero-days quickly. How you qualify a vendor as such is a mystery - I don't know that there's been enough zero days on smart locks to verify.
Agreed. I've also learned the hard way that a heavy boot kicks through a door and windows are made of this easy to break material. Given access and time/privacy, there aren't many things that are secure from people that want inside.
Note that requiring a server account login before the user is allowed to manage a Bluetooth device is an explicit violation of the App Store Review Guidelines, so now that awareness is being drawn to this lock they may find themselves banned on iOS soon unless they fix it.
Losing access to a lock is bad stuff. I went with a smart lock that has a physical key.
The article says don't buy a smart-lock, but the convenience of having one-time access codes, scheduled access, delivery access, and linked to a security camera make the downsides (increased attack vectors) something I'm willing to live with.
And we, on HN, can make an informed decision about that calculated risk. The general public just sees "Encrypted Android App with Smart Unlock" and thinks they are safe.
Inside most modern car keyfobs there is an "emergency" physical key...or should be (recently saw one where the space was empty as the dealer had failed to include it) It's not marked or obvious from the outside of most I have seen and some prying in some innocuous looking seam will be needed. One of those things that seems obvious once you know it but may not have run across.
Locks are often fairly weak against real attackers.
I enjoyed this youtube video of another smart (fingerprint?) lock being broken due to a digital reset. It has a plastic panel on the front where the fingerprint reader is. If you remove the panel with a razor blade (it's just attached with glue), it even has a reset button exposed which resets the fingerprint. https://www.youtube.com/watch?v=uVvEkcN5tW8
I'm a big fan of electronic locks, but I refuse to have a smart lock. I know enough about IOT and security to know that a lock with a wifi chip might as well not be there at all.
I just program a few extra codes into the lock ahead of time, and if I need to let someone in in an emergency, I just give them one of my burner codes and delete it when I get home.
I don't really need a log of every entry because the camera pointed at my door already gives me one of those. :)
Why is a WiFi lock so bad? It opens you up more, but the number of people who can hack even the most insecure example is vastly smaller than the number of people who can kick down a door or break a window. Household locks are almost always just about deterring casual criminals, and internet vulnerabilities don’t move the needle much on that.
Doesn't this suggest that the unlock code comes from the "cloud" and not your phone/app?
So if you loose internet access you are not able to unlock? Or maybe it locally caches the key?
First, this is obviously hilariously bad from a system perspective (un-authenticated/unauthorized rebind of lock) [1]
OTOH it appears the problem is entirely server side, and could be patched/mitigated by the provider?
It still seems possible that the lock is secure-ish. It might conceivably have some form of anchored trust (pinned cert?) to communicate with the server - and a secure/better rekey flow could maybe be implemented?
Still sounds crazy to delegate authorization entirely to the cloud (I'm guessing you can open the lock wo internet, but not re-key).
I'm not even crazy about "find my phone"-services - and that's considering the vendor typically owns the hw, the kernel and can push updates (ie: all bets are off anyway).
[1] I'm also curious about the "lock code" field in the data - does the service advertise the pin if you give the correct serial/hw ID of the lock? Or something else?
[+] [-] thedanbob|6 years ago|reply
[+] [-] zw123456|6 years ago|reply
[+] [-] jedberg|6 years ago|reply
I'd love to know what products you are using.
[+] [-] TylerE|6 years ago|reply
[+] [-] charles_f|6 years ago|reply
Been looking for that for a while but no way I ever trust a cloud connected one anf everything passable connects to cloud.
[+] [-] stiray|6 years ago|reply
[+] [-] germinalphrase|6 years ago|reply
[+] [-] OrangeTux|6 years ago|reply
Well, physical locks are not necessary harder to pick lock than electronic locks. Buy your self a pick lock set, practice a bit and be amazed how many locks you can pick.
[+] [-] josephwegner|6 years ago|reply
Any monkey can buy lock picks and pick a door lock. It's not hard. Generally if you buy a decent rake, it'll open most locks quickly. It's arguably much more work to hack the _smart_ side of a lock than it is to just pick the _dumb_ part.
The caveat here is that smart locks are often "picked" en masse - once you break one in a lab, you can immediately and silently do the same to the rest globally. This is similar to software hacking.
The guidance here should be to only purchase smart locks from vendors that you can trust to patch zero-days quickly. How you qualify a vendor as such is a mystery - I don't know that there's been enough zero days on smart locks to verify.
[+] [-] herpderperator|6 years ago|reply
[+] [-] ssully|6 years ago|reply
I get why people are hard on smart locks, but I really don't see them as any more insecure then regular locks.
[+] [-] harrisonjackson|6 years ago|reply
[+] [-] floatingatoll|6 years ago|reply
[+] [-] bluesign|6 years ago|reply
[+] [-] balls187|6 years ago|reply
The article says don't buy a smart-lock, but the convenience of having one-time access codes, scheduled access, delivery access, and linked to a security camera make the downsides (increased attack vectors) something I'm willing to live with.
[+] [-] berbec|6 years ago|reply
[+] [-] hestipod|6 years ago|reply
Inside most modern car keyfobs there is an "emergency" physical key...or should be (recently saw one where the space was empty as the dealer had failed to include it) It's not marked or obvious from the outside of most I have seen and some prying in some innocuous looking seam will be needed. One of those things that seems obvious once you know it but may not have run across.
[+] [-] gregable|6 years ago|reply
I enjoyed this youtube video of another smart (fingerprint?) lock being broken due to a digital reset. It has a plastic panel on the front where the fingerprint reader is. If you remove the panel with a razor blade (it's just attached with glue), it even has a reset button exposed which resets the fingerprint. https://www.youtube.com/watch?v=uVvEkcN5tW8
[+] [-] ihuman|6 years ago|reply
https://www.youtube.com/watch?v=WeCGTosv-_c
[+] [-] jedberg|6 years ago|reply
I just program a few extra codes into the lock ahead of time, and if I need to let someone in in an emergency, I just give them one of my burner codes and delete it when I get home.
I don't really need a log of every entry because the camera pointed at my door already gives me one of those. :)
[+] [-] mikeash|6 years ago|reply
[+] [-] JaggedNZ|6 years ago|reply
[+] [-] e12e|6 years ago|reply
OTOH it appears the problem is entirely server side, and could be patched/mitigated by the provider?
It still seems possible that the lock is secure-ish. It might conceivably have some form of anchored trust (pinned cert?) to communicate with the server - and a secure/better rekey flow could maybe be implemented?
Still sounds crazy to delegate authorization entirely to the cloud (I'm guessing you can open the lock wo internet, but not re-key).
I'm not even crazy about "find my phone"-services - and that's considering the vendor typically owns the hw, the kernel and can push updates (ie: all bets are off anyway).
[1] I'm also curious about the "lock code" field in the data - does the service advertise the pin if you give the correct serial/hw ID of the lock? Or something else?
[+] [-] one2zero|6 years ago|reply
[+] [-] balls187|6 years ago|reply
[+] [-] Damogran6|6 years ago|reply
[+] [-] outworlder|6 years ago|reply