75 percent of Bluetooth smart locks can be hacked


#1

Originally published at: http://boingboing.net/2016/08/08/75-percent-of-bluetooth-smart.html


#2

Betcha 100% of them can be hacked.


#3

“So does this use the Hacking mini-game or the Lockpicking mini-game?” ~ Someone who has played too much Fallout 4


#4

More kids die by accidental drowning in the bath than by hacked bluetooth lock. Are we going to regulate bathtubs too?


#5

how hard would it be for the lock to use public key cryptography?


#6

Engineering it would be easy, if people invested time in such things. Key management would be the larger problem from the consumer perspective.


#7

Shrug. And 99% of door mechanical locks can be picked.
(…your security is an illusion.)


#8

Of course security isn’t a binary, and there are no absolutes. The biggest current issue is consumers not having a way to compare products.


#9

Yes, but does the lock make what’s behind it worth it.


#10

There’s one important difference. Picking a good mechanical lock requires skill (and takes time). But as soon as wireless locks are in wide use, you’ll be able to download an Android app that unlocks any vulnerable lock: it will take seconds to work, and require no expertise to use at all.


#11

“Four locks, for example, transmitted their user passwords in plaintext to smartphones”

/headdesk
How on Earth can a product be that incompetently made? And it only gets worse from there…

They can’t be picked by simply standing in the general vicinity of someone using the key, nor can one effectively change the lock with the same ease. These locks are essentially spitting out duplicates of the key for anyone in the area who wants one.


#12

To use it? Not hard at all.

To use it properly? Pretty tricky, it turns out. Cryptography and cryptographic protocol design are two distinct fields, both difficult in their own right.


#13

No lock is truly secure, the faster the authorized user can operate it, the easier it is to circumvent.

Bump keys and pick guns are pretty fast and don’t really need skill. But I’m generally opposed to putting radio controlled battery operated systems in places where mechanical systems work pretty well.

Also remember this next time someone talks about “Smart Guns”. It’s a solution that works worse and costs more then the existing solutions (lock boxes) and offers no significant benefit.


#14

Inserting a key and twisting it takes the same amount of time-- whether it’s a Kwikset, or a Masterlock, or a Medeco, or an Alboy Protec, or a MulTLock. But circumventing a Kwikset or a Masterlock is much easier than the other locks.


#15

I was referring to when you make different methods of access. Key vs PIN pad vs combination lock vs wireless dohickey. Relative quality applies within categories.

But your point is taken as different implementations of similar systems can be drastically different in the amount of time needed to circumvent. I probably shouldn’t have overgeneralized.


#16

@beschizza should put one of these on his safe so he can open it.


#17

This topic was automatically closed after 5 days. New replies are no longer allowed.