Less. Look at any Lockpicking Lawyer video on YouTube as he demonstrates in real time how bad they are. Most of his videos are under 5 min
If you want to really turn yourself off smart locks check out any DefCon talk about smart locks or “smart” devices in general.
And most dumb locks can also be picked in under 5 minutes. The difference is a smart lock can alert me when someone who isn’t me opens the door or leaves it open. Of course, most burglars are just going to break a window to get in.
There should be a separation between fully mechanical locks with electronic monitoring (ideal) and a mechanical lock with vital electronic components.
You can get a lot of locks which allows you to connect external mechanisms which can do just that. Don’t know anything ready out of the box, though
SwitchBot makes a retrofit deadbolt controller that straps onto the inside
deleted by creator
Removed by mod
I just watched LPL pick a smart lock with no keyhole. He just had to shove a bit of wire in the drain hole at the bottom. 🤦♂️
Right at the start dude….
Designed for administration of high occupancy.
Those are second line in those cases, that’s not supposed to go on someone’s front door…
A previous owner of my apartment had for some reason installed a high security door. It’s 5 inches thick with steel plates inside and has 3 separate sets of 3 locking rods like a bank vault. Not sure what line of work they were in but, really, good luck to the person who thinks they can break in here easily. Downside is there is no way to put a digital lock on the sucker.
I think I can come up with some guesses on their line of work
I would be worrying about fire fighters won’t be able to enter my apt when they need to.
Firefighters train for exactly such scenarios and will happily go through a nearby wall. The cops struggle with armored doors, but the guys with axes don’t bother.
You want them to break in for insurance purposes though, it’s a clear indication of unauthorized entry. Your policy should cover the door/window, but if your lock gets picked/bypassed you’re going to have a rough time getting things covered.
Why would they need proof of forced entry? Is that seriously a thing where you are?
This just isn’t true.
deleted by creator
My smart lock doesn’t change the locking mechanisms. It’s basically a robot on the inside that turns the lock like you would. The only security issue would have to be software side, which a typical thief isn’t going to bother with especially since you cost tell from the outside that’s it’s not a normal lock - because it is.
August lock btw.
I agree that most thieves won’t bother - but they do now have the additional option to hack it, making the lock less secure in total, not to mention the flawed mechanical design many of those smart locks have.
Yeah I’m just saying in my case they have no way of seeing that it’s a smart lock at all. The only smart part is an attachment on the interior side. So mechanically it’s 100% the same, and there is no visible indication that is “hackable,” even if it were. My door and it’s lock look as just like it did 15 years ago.
most of the smart locks that are supposed to be drop in replacements for traditional locks are mostly trash.
Personally been eyeing upgrading to UI’s access readers, but it lacks features like door unlock with Apple Homekey (for now anyways since it requires some specialty hardware). So been holding off.
This particular product is geared towards small business and large enterprises. But can be setup for home usage if you have to technical expertise.
If there is no keyhole to pick then it is probably marginally more secure, but if a burglar wants to get into your home then no door lock is going to stop them. They could just break it or break your windows.
This is it. The weakest part of most doors is the door. A sledge hammer will go through a door or window regardless of the lock.
Smart locks are way more convenient and the ability to grant timed access and unique access controls probably makes them more secure.
deleted by creator
If you’re caught with a lock pick, or sledge hammer or saw all, that establishes intent. You’ll do more time. Of course that’s a huge “if”
If they thought that far ahead they wouldn’t be running around breaking into homes and cars.
Have you seen the scrap prices for catalytic converters? Also, the best thieves of all time were the ones that stole the catalytic converters from the police vehicles in a certain major city. Other than taxes paying for their replacements, I’m not even mad, I’m impressed with their hubris.
They could just break it or break your windows.
This is why you need backup measures. For example, if they break in through my windows, they’ll be foiled by the micromachines I placed strategically on the floor. If they break through the door, they’ll have to contend with the blowtorch I have rigged just inside the entryway. Always remember, “this is my house, I have to defend it.”
What if you’re in another city that your uncle happens to live in and his house is being renovated, would you still be able to defend it?
As long as you befriend a homeless person beforehand, you’re covered.
If they manage to get past that, you should attach a paint can to some rope and have it rigged to swing towards them if they are coming up the stairs.
Man I am having some weird kind of deja vu today.
Traps are technically illegal.
Just leave some Lego on the ground. Perfectly legal, yet instantly lethal to anyone who steps on it.
instantly lethal to anyone who steps on it
I like to pretend the afterlife is like a big AA meeting or group therapy session where people have conversations about how they died.
“So how did you die?”
“Oh, I broke into someone’s house. The bastard left Legos everywhere. I tried my best to avoid them all, but it was so dark that I missed a dark blue 1x1 brick. It shattered every bone in my leg like tempered glass. The sudden collapse from pain and losing all structural integrity in my leg caused me to fall on the remaining Legos. A green plate sliced my jugular. The last thing I remember as things were going dark was a dark figure approaching. It was holding a Lego Millennium Falcon above its head as if it was going to throw it full-force against my skull. The next thing I knew, I was here.”
🤣
This was one of the best laughs I’ve had in a bit, thank you
smh conservatives have gone too far
Nah, that’s why I run linux
Bazinga.
I had a metal door and an iron gate inside with shitty locks. Burglers broke the locks and got in.
I replaced the door and got great locks. The locks held up fine but they broke the gate right out of the wall and got in.
If someone wants to get in, they will.
We have steel doors and protection metal bars in the windows in LATAM (yep, our houses are little fortress) and even that would not stop the most dedicated burglars…
You know, I feel cameras help even more, these scums get anxiety when they see cameras lol.
We have steel doors and protection metal bars in the windows in LATAM
Sounds a lot like Tucson…
Against what sort of attack? Who’s the attacker? What capabilities do they have? What do they want?
There’s a saying, “locks are to keep your friends out.” If someone really means you harm, a lock is not going to keep them out: they can smash a window, break down the door, or hit you with a rubber hose until you give them your keys or passwords. This applies no matter what kind of lock you have.
But a lock represents a social barrier: everyone knows that trying to defeat someone else’s lock is a hostile act. The law recognizes this in many places: breaking-and-entering is a more severe crime than trespassing.
A lock may slow down an attacker. It may redirect an attacker to go after your neighbor’s stuff instead of your stuff — but not if everyone has locks.
A password lock has some advantages over a key lock. You don’t have to issue physical keys to everyone you want to allow in. Many allow you to create and revoke passwords separately — so you can grant a friend access to your house while you’re away, and then revoke it when they no longer need it.
However, a password lock also has some disadvantages. If you give a password to one person, that person can easily give it to everyone. That’s a lot harder with a physical key, because they’d have to go make a lot of copies of that key — which, if nothing else, costs money and time.
A computerized lock can create an audit trail: it can record when it was opened, and even which credentials (passwords, keys, …) were used to unlock it.
Any lock can have vulnerabilities — most common key locks can be picked; computerized locks can be attacked through their computer hardware or software.
Thanks for reminding me of this XKCD gem!
https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis
In cryptography, rubber-hose cryptanalysis is a euphemism for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture—such as beating that person with a rubber hose, hence the name—in contrast to a mathematical or technical cryptanalytic attack.
There’s also just the social engineering side of it. I guessed my father’s door code just because I know his birthdate.
Beat me to it! Locks are just but one part of securing your home.
It is for a house in a residential area, and I don’t keep a lot of valuables in the house. I wish I knew who the attacker would be, so I can catch them with pre-crime.
If you’re concerned about burglars, one problem is that if they decide to hit your house, they can just break a window.
Where I live, burglars often hit cars rather than houses; and they’re very willing to break windows to get in, especially if they see something valuable in the car. They spend no time trying to defeat the locks — hell, some don’t even check if the car is locked. They’re pros; they’ve practiced smashing a window and looting the car quickly.
A lot of the loss due to burglary is the damage the burglar does on the way in, rather than the value of the things stolen. And upgrading locks does nothing to reduce this.
Maybe instead of upgrading your locks, you might be better off spending the same amount of money upgrading your insurance?
Are you an insurance salesman? Because this script probably would have worked on me!
Here’s a sillier economic take on it:
Locks should be difficult enough to break that if you can develop the skills to break them, you’re smart enough to get a real job and not be a burglar.
Cars have historically been broken into and stolen a lot. Thus auto makers have put extra effort into good locks. Some hardware store deadbolts are so bad you anyone can pick them with lock picks - no instructions needed. Only the best deadbolts are equal what a car has. Likewise breaking a car window is typically harder than breaking a house window.
Likewise breaking a car window is typically harder than breaking a house window.
All it takes to break a car window is a single tap. There’s specific tools available, or someone can just use a shard of ceramic. Shatters completely and instantly.
Right, if you have that tool. If you don’t have that tool though a rock you find won’t work unlike many house windows.
$10 on Amazon. Or just a piece of broken spark plug. Anyone who seriously wants to break a car window will have something handy.
Or maybe thieves are just walking down the street and see a fancy bag on a seat and a rock and just decide to do the deed on a whim and get foiled by tempered glass. ¯\_(ツ)_/¯
Shhh, most thieves don’t know that and are taking cheap opportunity.
I love my August smart lock. It auto-unlocks my door when I get home, so I never need keys or to reach for my phone. It also has a key pad to unlock if I dont have my phone. It has alerts and reports status on an app. I can unlock or lock the door remotely for people to check in on things for me while Im away.
Yes, it has issues and eats batteries, but its so convenient.
If you’re not in infosec you should be. (Source: am in infosec)
Oh, I did that for a while. 2001 was a mess of a year … right after the planes started flying again after 9/11, the Nimda worm came out.
Yeah that was a rough time indeed. I recall getting hit with a couple of those big worms back to back.
2002 was a blur, and then in 2003 came SQL Slammer.
They have a regular backup cylinder that has all the vulnerabilities of a regular lock.
On top of that they have a bunch of electronics that can be vulnerable.
I can’t see how it would be possible for them to be more secure unless you’re someone who leaves their keys around a lot and a smart lock would let you not have a key on you.
They don’t have to have a backup cylinder. The most common kind (Yale doorman) where I live doesn’t have one. If the Internal battery goes out you can plug in a 9V battery from the outside to power it.
Even worse, quite often those backup locks are very cheap
Thieves don’t pick locks or hack them. You mostly want to protect against brute force.
A lock is never weaker than a window. If someone wants in your house, there are ways that don’t have anything to do with your locks. Locks of any quality largely work by deterrence, rather than actual pickability or durability. If I have to literally break something to get in, I’m drawing attention to myself and immediately putting a count down on my robbery before a cop shows up or witnesses get a better look at me, my vehicle, etc. So it’s already not worth it for most petty thieves.
when some thieves broke into my neighbors house they first rang the door bell a few times to make sure no one was home, after that they hopped the fence and went window to window until they found one that was unlocked and went in that way
Yup. Path of least resistance
A broken window is clear indication of theft for insurance purposes. If your lock gets picked, you might be fucked depending on how your policy is written.
Removed by mod
I worked for a company that designed home security devices for a few years… Pretty much everyone i talked to agreed there is only 1 actually good security device that is an effective deterrent. Its called “Large Scary Dog”. Every other device is there just to notify you that all your shit is soon to be or already gone.
On the other hand, these digital locks, while not any safer, are much more convenient. I am all in on not having to carry keys and instead have a code to enter or some other easy access.
Most dogs are fine if you just carry treats and act polite. I’ve seen plenty of dogs just let intruders in because they were kind to them.
So…you were the intruder, right?
intrudes upon this conversation
…yep.
Ive always wondered what happens if the battery dies, do you still need to carry a key in case that happens
Usually there is a warning that the battery is dying well ahead of it actually being dead. One that can send notifications will ping your phone with a low battery message. Others have audible warnings. You unlock it and then it starts beeping at you. It keeps doing that until you either change the batteries or it eventually dies. But you have to do a lot of ignoring for it to die on you. Many do have key backups too though. Just in case
A few have external terminals to charge them when they die.
I have a 9v battery stashed in a flower pot next to my door for when it happens.
I hope there is a replacement replacement. Life deserves recursion.
Two is one, one is none.
There are ones like August that only add the smart lock on one side and retain the old hardware on the outside. If the battery runs out you just gotta use your key like a plebian. It warns you ahead of time it’s low though and I’ve never had it fail in the half decade I’ve had it.
Anything with added complexity will have a larger attack surface and more failure modes.
I have to disagree - this is more like the gate that blocks the sidewalk that you can get around by walking on the grass. The mechanical locks that these come with are significantly weaker, more common and better understood by thieves, that they wouldn’t bother even trying to figure out how to hack the smart lock.
That doesn’t invalidate their point. The electronic lock is just an additional potential point of failure with no added security. In addition to people who can pick or break the key lock, now there is an additional type of person who can break in: the kind that knows how to bypass electronic locks.
Same concept but why pick a lock when you can break a window or sliding glass door?
In other words… The attack surface is indeed larger for smart lock than dumb lock – more ways to attack – but in practice it matters little because existing home attack surface is easily breached.
PS the counter argument is smart locks come with added security controls: monitoring, logging, and the ability to auto lock in case someone forgets to lock it.
What would you recommend?
Honestly, the lock is one of the last things to worry about. If you have an outward opening door get security pins for your hinges.
Check out one of https://m.youtube.com/@DeviantOllam talk on door security and worry less about the lock and more about the door fixture. His hour long conference talks to through how a door is insecure how it can be exploited and what you can do to prevent it from happening.
Absolutely right! By far the majority of burglaries are with forced / destructive entry. Virtually all. That makes me think: if there is a “lockpicking lawyer” out there, what else lockpicking is there…?
Typically, external residential doors open inwards so that they can’t be blocked by someone on the outside. Of course this doesn’t apply if we’re talking about an internal or non-residential door.
It is region specific as in my place 2 out of 3 of my external doors open outwards. my place before that was about 50:50 for outwards or inwards opening doors.
I’m not sure. Honestly, it was mostly observation, and not straight fact. Perhaps it just more common on more recent construction. I don’t think I’ve ever been aware of an apartment or house door opening outward, except for screen doors on the outside of regular doors.
Trying to think through all doors of all places I have lived personally and I can not remember a single inward opening door in a house, cottage or apartment. I could very well be wrong but nothing comes to mind.
Based on the context, I think they would suggest going with the old school lock with a deadbolt. The more complex a device is, the more likely it is to have multiple vectors of attack.
Things might be different by now, but when I was researching this I decided on the Yale x Nest.
It’s more secure than a keyed lock in the following ways:
- Can’t be picked (no physical keyhole).
- Codes can be revoked or time-gated (for example, you can set the dog walker’s code to work only at the time of day they’re expected to come by).
- Guest codes can be set to provide real-time notifications when used.
- The lock keeps a detailed log of every time it’s used.
- The lock can be set to automatically lock the door after a certain amount of time.
It’s less secure than a physical traditional lock in the following ways:
- Compromise of a keycode isn’t as obvious as losing a key, so you might not change a compromised keycode the same way you might change a lost key.
- People can theoretically see a code being punched in, or intercept compromised communications to use it.
- Compromised app or login could be used to assign new codes or remotely unlock
It’s basically the same level of security in the following ways:
- The deadbolt can still be defeated with the same physical weaknesses that a typical deadbolt has: blunt force, cutting with a saw, etc.
- The windows and doors are probably just generally weak around your house, to where a determined burglar can get in no matter what lock you use.
- Works like normal without power or network connection (just can’t be remotely unlocked or reprogrammed to add/revoke codes if not online)
Overall, I’d say it’s more secure against real-world risk, where the weakest link tends to be the people you share your keys with.
Some smart locks are vulnerable to being manipulated with a magnet, if they’re poorly designed, since someone can just manipulate the motor from outside.
I’ve seen it for keypads that have to send a signal to an actuator located elsewhere, but I think the typical in-door deadbolt (where the keypad is mere millimeters from the motor itself) wouldn’t have the form factor leaving the connection as exposed to a magnet inducing a current that would actually actuate the motor.
Most of LPL’s videos on smart locks just defeat the mechanical backup cylinder, anyway. I’d love to see him take on the specific Yale x Nest model I have, though.
But since smart locks generally also have a traditional mechanical mechanism for backup, aren’t they inherently always less secure than a traditional lock since you can find the weakest link in either of the two mechanisms?
Usually yes, but this person is saying theirs does not have a physical keyhole.
Yup. The backup for battery failure on this model is that the bottom of the plate can accept power from the pins of a 9V battery, held there just long enough to punch in the code.
Ask the lockpicking lawyer. He regularly opens them on YouTube. On the other hand, he opens about anything. But those “smart” locks usually have additional weaknesses.
It’s why I went with an inside only smart lock (I have an August that’s been running like a champ for half a decade). A door lock is a deterrent in the first place, and I don’t expect it to ever stop someone sufficiently motivated. Hell, I broke through an exterior door by accident when I was a young teen - haven’t trusted them since.
However, if some cheat came out (like some of LPL’s “just hold a powerful magnet” locks) I’d rather not have an obvious smart lock that can be picked out from the street.
Yep. As soon as you consider a lock, look up whether the LPL had it done, and how he rated it.
Well, this is cool. Thanks!
Every one of the locks pictured have a traditional lock as a backup. Therefore, none of those smartlocks could ever be more secure. Even if the smart parts were 100% flawless, the lock will have all the weaknesses of a traditional door lock because one is included as a backup.
If you were to spend an equal cost on a lock, you will get more security from the traditional lock because all the budget can be spent on the lock instead of split between the lock and the electronics.
But how valuable is the security of the lock anyway? The weakest part of your home is the windows. If someone wanted to break into your house they can break your windows and climb through regardless what lock you have on the front door.
There is a movie from 1992 with Robert Redford, “Sneakers”. It is about a team of hackers, in a scene they face a door with an unexpected smart lock and find the right strategy, just kick the f* door.
But how valuable is the security of the lock anyway? The weakest part of your home is the windows. If someone wanted to break into your house they can break your windows and climb through regardless what lock you have on the front door.
Not so much in many apartments.
Generally not allowed to change the locks in an apartment anyways
Condos are a thing.
At least where I live condos and apartments aren’t treated as interchangeable terminology.
Eg if you check on Zillow
You can tell so much about your landlord if they make a big deal about this.
What are you talking about “every lock pictured”? There are two pictured that are a keypad and a 9-volt battery terminal.
A smart lock with a keyhole is never going to be more secure than a standard key lock as it is a standard key lock. Now that being said if the door will let you know every time its opened you could possibly head something off
I got a smart lock after realizing that we would simply forget to lock the front door sometimes since we typically leave via the garage. It’s connected to Home Assistant and now will lock automatically if no one is home.
Technically, I know that a smart lock is less secure, but in most real world scenarios, knowing that the lock will be locked when we are not home, on top of being notified if it becomes unlocked, I’d argue that it’s more secure now than when I had a dumb lock.
I know it sounds crazy but what I would really like is a smart lock built into the wall and wired up to electric and the bolt would go into a hollow in the door. Sorta reverse of a standard door lock. Problem is since its not standard it would be way more expensive. Its like something I would do if I was rich enough for money to not be an issue.
Far too many smart locks that are connected to a deadbolt use an actuator which can be tripped with a powerful magnet. No way would I trust them.
The LPL would have had to test them for me to trust them.
Same. If LPL can’t pick it, it’s godly lock
Doesn’t he pick every lock that he gets though?
I saw at least one where he couldn’t pick it, everyone in the comments was in shock
I musta missed that one somehow.
Still, I take him at his word that he makes it look much much easier than it is. And have bought a couple of locks based on his contentment with the quality and pick resistance.
What I have already works. I added a few security pins and my door will likely be broken before someone picks it. Insurance company will understand if I someone broke something to get in, which is why I’m not entirely made at kwikset.
Why add more points of potential failure? I’m more concerned someone can get in without me knowing they had.
I haven’t done a breakdown on smartlocks. I do work with machine locks, you know for safeties. We can make them pretty freaken hard to bypass, but I can.
Any person that specializes in IT will know that most of these smart locks/security measures are bullshit and traditional methods are much better.
Let’s be frank, traditional locks exist to keep honest people honest. It’s trivial to learn how to pick locks, there are YouTube channels dedicated to exactly that, and the tools can be purchased for very little upfront cash.
There is no such thing as a foolproof unpickable locks. Any lock that is designed to be opened will have vulnerabilities associated with it that can be exploited by somebody who knows how.
That said, smart locks are probably not much worse off in that regard. I think you can still use a manual key with some models, so that’s not really adding security, but rather convenience. For the ones that are 100% digital, the issue is just shifted to technical knowledge of the lock software and not the mechanical workings.
I’d say they aren’t any more or less secure, just another option that a determined thief can get past, either through skill or brute force if necessary.
There is at least the possibility to get a good traditional lock that is trusted by organisations that value security and has the interest in getting security solutions that genuinely defeat intrusion.
Anyways, the general idea should be to have a house lock that is better than your neighbors, and that is sufficient for most purposes.
I’d say the main purpose of any kind of lock (meaning the weakest link all around your house - strong front door won’t help if the kitchen door to the patio is always unlocked) is to be less appealing to burglars than the next house. At least that is how it works in Germany: Burglars drive around in vans, typically in daylight, sometimes walk around houses, looking for opportunities. If they see a cracked window, or an easy to access balcony door without too much exposure, they’ll give it a go. If that balcony door (I lived in a flat with that setting) has a big iron grating installed in front of it, they’ll move on and look for another place to rob, not because they couldn’t maybe find out that the iron grating is not attached very well, but because it looks like too much effort to even invest the time to find out.
I know smartlocks have had their share of vulerabilities. I remember 3 or 4 years ago hearing about things such as sending codes un-encrypted over wifi or basing their security on MAC addresses alone. Both are practically a ‘key on top of the doormat’ travesty. THis may have got better. I think the issue is that manufacturers jump at a market without having much knowledge of IT security. Similar to whats happening with the connectivity of cars. The fact that most peeps in IT security(ok, they might lean towards the paranoid) will not have a smart lock on their house is enough for me for the time being.
Yeah, the security of the commercial smart locks is a disaster, so I had to program my own lol
Definitely less secure, but way more convenient. Security for residential door locks doesn’t really matter that much though; thieves are unlikely to try to pick your lock or use some smart-device exploit to access your home - they’ll just smash a window.
Security 101 : If it’s convinient for you, it’s convinient for the attacker as well.
Ssh keys are pretty damn convenient.
Agreed, most of home security is to try and make your neighbours a more tempting target than you. The ethical choice is to do it by making your home a bit more difficult to break into though I guess you could “debuff” the neighbours as well 😉
deleted by creator
A dog with a loud bark will always be more effective than any lock or security system. My border collie is a super lovable dog but her bark is designed to scare off wolves. It’s sounds mean and scary. Truly one whose bark is worse than the bite. She hasn’t ever bit a human but she pinned a pit bull that challenged her and gave him a bite to remember.
My late father would say “A lock only keeps an honest man honest”.
If a criminal really wants to break in, they’ll find a way…
Edit: Meant to post that as a top level comment, but whatever LOL!