this post was submitted on 06 Sep 2023
245 points (95.9% liked)

No Stupid Questions

35844 readers
1664 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.



Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.



Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here.



Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 1 year ago
MODERATORS
 
top 50 comments
sorted by: hot top controversial new old
[–] slazer2au 130 points 1 year ago (8 children)

Less. Look at any Lockpicking Lawyer video on YouTube as he demonstrates in real time how bad they are. Most of his videos are under 5 min

If you want to really turn yourself off smart locks check out any DefCon talk about smart locks or "smart" devices in general.

[–] dogslayeggs 98 points 1 year ago (1 children)

And most dumb locks can also be picked in under 5 minutes. The difference is a smart lock can alert me when someone who isn't me opens the door or leaves it open. Of course, most burglars are just going to break a window to get in.

[–] Madison420 27 points 1 year ago (2 children)

There should be a separation between fully mechanical locks with electronic monitoring (ideal) and a mechanical lock with vital electronic components.

load more comments (2 replies)
load more comments (4 replies)
[–] Izzy 85 points 1 year ago (6 children)

If there is no keyhole to pick then it is probably marginally more secure, but if a burglar wants to get into your home then no door lock is going to stop them. They could just break it or break your windows.

[–] [email protected] 50 points 1 year ago (4 children)

This is it. The weakest part of most doors is the door. A sledge hammer will go through a door or window regardless of the lock.

Smart locks are way more convenient and the ability to grant timed access and unique access controls probably makes them more secure.

load more comments (4 replies)
[–] NevermindNoMind 30 points 1 year ago (8 children)

They could just break it or break your windows.

This is why you need backup measures. For example, if they break in through my windows, they'll be foiled by the micromachines I placed strategically on the floor. If they break through the door, they'll have to contend with the blowtorch I have rigged just inside the entryway. Always remember, "this is my house, I have to defend it."

[–] son_named_bort 14 points 1 year ago (1 children)

What if you're in another city that your uncle happens to live in and his house is being renovated, would you still be able to defend it?

load more comments (1 replies)
[–] [email protected] 10 points 1 year ago (1 children)

If they manage to get past that, you should attach a paint can to some rope and have it rigged to swing towards them if they are coming up the stairs.

load more comments (1 replies)
load more comments (6 replies)
[–] [email protected] 21 points 1 year ago (1 children)

Nah, that's why I run linux

load more comments (1 replies)
[–] silentdon 13 points 1 year ago* (last edited 1 year ago)

I had a metal door and an iron gate inside with shitty locks. Burglers broke the locks and got in.

I replaced the door and got great locks. The locks held up fine but they broke the gate right out of the wall and got in.

If someone wants to get in, they will.

load more comments (2 replies)
[–] fubo 56 points 1 year ago (15 children)

Against what sort of attack? Who's the attacker? What capabilities do they have? What do they want?


There's a saying, "locks are to keep your friends out." If someone really means you harm, a lock is not going to keep them out: they can smash a window, break down the door, or hit you with a rubber hose until you give them your keys or passwords. This applies no matter what kind of lock you have.

But a lock represents a social barrier: everyone knows that trying to defeat someone else's lock is a hostile act. The law recognizes this in many places: breaking-and-entering is a more severe crime than trespassing.

A lock may slow down an attacker. It may redirect an attacker to go after your neighbor's stuff instead of your stuff — but not if everyone has locks.


A password lock has some advantages over a key lock. You don't have to issue physical keys to everyone you want to allow in. Many allow you to create and revoke passwords separately — so you can grant a friend access to your house while you're away, and then revoke it when they no longer need it.

However, a password lock also has some disadvantages. If you give a password to one person, that person can easily give it to everyone. That's a lot harder with a physical key, because they'd have to go make a lot of copies of that key — which, if nothing else, costs money and time.

A computerized lock can create an audit trail: it can record when it was opened, and even which credentials (passwords, keys, ...) were used to unlock it.

Any lock can have vulnerabilities — most common key locks can be picked; computerized locks can be attacked through their computer hardware or software.

[–] Late2TheParty 35 points 1 year ago (2 children)

Thanks for reminding me of this XKCD gem!

https://xkcd.com/538/

[–] fubo 21 points 1 year ago (1 children)

https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis

In cryptography, rubber-hose cryptanalysis is a euphemism for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture—such as beating that person with a rubber hose, hence the name—in contrast to a mathematical or technical cryptanalytic attack.

load more comments (1 replies)
load more comments (1 replies)
load more comments (14 replies)
[–] zxqwas 47 points 1 year ago (2 children)

They have a regular backup cylinder that has all the vulnerabilities of a regular lock.

On top of that they have a bunch of electronics that can be vulnerable.

I can't see how it would be possible for them to be more secure unless you're someone who leaves their keys around a lot and a smart lock would let you not have a key on you.

[–] [email protected] 15 points 1 year ago

They don't have to have a backup cylinder. The most common kind (Yale doorman) where I live doesn't have one. If the Internal battery goes out you can plug in a 9V battery from the outside to power it.

[–] [email protected] 12 points 1 year ago

Even worse, quite often those backup locks are very cheap

[–] [email protected] 42 points 1 year ago (12 children)

Anything with added complexity will have a larger attack surface and more failure modes.

load more comments (12 replies)
[–] [email protected] 42 points 1 year ago (2 children)

Thieves don't pick locks or hack them. You mostly want to protect against brute force.

[–] kryptonianCodeMonkey 25 points 1 year ago (3 children)

A lock is never weaker than a window. If someone wants in your house, there are ways that don't have anything to do with your locks. Locks of any quality largely work by deterrence, rather than actual pickability or durability. If I have to literally break something to get in, I'm drawing attention to myself and immediately putting a count down on my robbery before a cop shows up or witnesses get a better look at me, my vehicle, etc. So it's already not worth it for most petty thieves.

[–] [email protected] 18 points 1 year ago (3 children)

when some thieves broke into my neighbors house they first rang the door bell a few times to make sure no one was home, after that they hopped the fence and went window to window until they found one that was unlocked and went in that way

load more comments (3 replies)
load more comments (2 replies)
[–] UPGRAYEDD 23 points 1 year ago* (last edited 1 year ago) (9 children)

I worked for a company that designed home security devices for a few years.. Pretty much everyone i talked to agreed there is only 1 actually good security device that is an effective deterrent. Its called "Large Scary Dog". Every other device is there just to notify you that all your shit is soon to be or already gone.

On the other hand, these digital locks, while not any safer, are much more convenient. I am all in on not having to carry keys and instead have a code to enter or some other easy access.

load more comments (9 replies)
[–] [email protected] 41 points 1 year ago (4 children)

Things might be different by now, but when I was researching this I decided on the Yale x Nest.

It's more secure than a keyed lock in the following ways:

  • Can't be picked (no physical keyhole).
  • Codes can be revoked or time-gated (for example, you can set the dog walker's code to work only at the time of day they're expected to come by).
  • Guest codes can be set to provide real-time notifications when used.
  • The lock keeps a detailed log of every time it's used.
  • The lock can be set to automatically lock the door after a certain amount of time.

It's less secure than a physical traditional lock in the following ways:

  • Compromise of a keycode isn't as obvious as losing a key, so you might not change a compromised keycode the same way you might change a lost key.
  • People can theoretically see a code being punched in, or intercept compromised communications to use it.
  • Compromised app or login could be used to assign new codes or remotely unlock

It's basically the same level of security in the following ways:

  • The deadbolt can still be defeated with the same physical weaknesses that a typical deadbolt has: blunt force, cutting with a saw, etc.
  • The windows and doors are probably just generally weak around your house, to where a determined burglar can get in no matter what lock you use.
  • Works like normal without power or network connection (just can't be remotely unlocked or reprogrammed to add/revoke codes if not online)

Overall, I'd say it's more secure against real-world risk, where the weakest link tends to be the people you share your keys with.

[–] T156 17 points 1 year ago (1 children)

Some smart locks are vulnerable to being manipulated with a magnet, if they're poorly designed, since someone can just manipulate the motor from outside.

load more comments (1 replies)
load more comments (3 replies)
[–] Treczoks 34 points 1 year ago (1 children)

Ask the lockpicking lawyer. He regularly opens them on YouTube. On the other hand, he opens about anything. But those "smart" locks usually have additional weaknesses.

[–] [email protected] 12 points 1 year ago (2 children)

It's why I went with an inside only smart lock (I have an August that's been running like a champ for half a decade). A door lock is a deterrent in the first place, and I don't expect it to ever stop someone sufficiently motivated. Hell, I broke through an exterior door by accident when I was a young teen - haven't trusted them since.

However, if some cheat came out (like some of LPL's "just hold a powerful magnet" locks) I'd rather not have an obvious smart lock that can be picked out from the street.

load more comments (2 replies)
[–] Hildegarde 31 points 1 year ago (7 children)

Every one of the locks pictured have a traditional lock as a backup. Therefore, none of those smartlocks could ever be more secure. Even if the smart parts were 100% flawless, the lock will have all the weaknesses of a traditional door lock because one is included as a backup.

If you were to spend an equal cost on a lock, you will get more security from the traditional lock because all the budget can be spent on the lock instead of split between the lock and the electronics.

But how valuable is the security of the lock anyway? The weakest part of your home is the windows. If someone wanted to break into your house they can break your windows and climb through regardless what lock you have on the front door.

[–] fr_mg 10 points 1 year ago

There is a movie from 1992 with Robert Redford, "Sneakers". It is about a team of hackers, in a scene they face a door with an unexpected smart lock and find the right strategy, just kick the f* door.

load more comments (6 replies)
[–] [email protected] 25 points 1 year ago (2 children)

A smart lock with a keyhole is never going to be more secure than a standard key lock as it is a standard key lock. Now that being said if the door will let you know every time its opened you could possibly head something off

load more comments (2 replies)
[–] Hazdaz 19 points 1 year ago (6 children)

Far too many smart locks that are connected to a deadbolt use an actuator which can be tripped with a powerful magnet. No way would I trust them.

The LPL would have had to test them for me to trust them.

load more comments (6 replies)
[–] Matriks404 18 points 1 year ago (1 children)

Any person that specializes in IT will know that most of these smart locks/security measures are bullshit and traditional methods are much better.

[–] Furbag 13 points 1 year ago (2 children)

Let's be frank, traditional locks exist to keep honest people honest. It's trivial to learn how to pick locks, there are YouTube channels dedicated to exactly that, and the tools can be purchased for very little upfront cash.

There is no such thing as a foolproof unpickable locks. Any lock that is designed to be opened will have vulnerabilities associated with it that can be exploited by somebody who knows how.

That said, smart locks are probably not much worse off in that regard. I think you can still use a manual key with some models, so that's not really adding security, but rather convenience. For the ones that are 100% digital, the issue is just shifted to technical knowledge of the lock software and not the mechanical workings.

I'd say they aren't any more or less secure, just another option that a determined thief can get past, either through skill or brute force if necessary.

load more comments (2 replies)
[–] [email protected] 18 points 1 year ago (1 children)

I know smartlocks have had their share of vulerabilities. I remember 3 or 4 years ago hearing about things such as sending codes un-encrypted over wifi or basing their security on MAC addresses alone. Both are practically a 'key on top of the doormat' travesty. THis may have got better. I think the issue is that manufacturers jump at a market without having much knowledge of IT security. Similar to whats happening with the connectivity of cars. The fact that most peeps in IT security(ok, they might lean towards the paranoid) will not have a smart lock on their house is enough for me for the time being.

load more comments (1 replies)
[–] MooseBoys 16 points 1 year ago (4 children)

Definitely less secure, but way more convenient. Security for residential door locks doesn’t really matter that much though; thieves are unlikely to try to pick your lock or use some smart-device exploit to access your home - they’ll just smash a window.

load more comments (4 replies)
[–] YoBuckStopsHere 15 points 1 year ago (1 children)

A dog with a loud bark will always be more effective than any lock or security system. My border collie is a super lovable dog but her bark is designed to scare off wolves. It's sounds mean and scary. Truly one whose bark is worse than the bite. She hasn't ever bit a human but she pinned a pit bull that challenged her and gave him a bite to remember.

[–] over_clox 18 points 1 year ago* (last edited 1 year ago)

My late father would say "A lock only keeps an honest man honest".

If a criminal really wants to break in, they'll find a way...

Edit: Meant to post that as a top level comment, but whatever LOL!

[–] MegaUltraChicken 13 points 1 year ago

I pick locks as a hobby. Your door lock is almost never the point of attack. It's way easier to break the door or windows. Only time picking would be useful is if you need to conceal that you've entered, which burglars don't typically care about.

[–] CoughingwithCoffee 13 points 1 year ago (2 children)

I feel sorry for my neighbor who has to repeat whatever phrase his smartlock accepts over and over while being locked out of his house.

[–] afraid_of_zombies 43 points 1 year ago

I got a lock pick set and was pretty happy learning how to pick all the locks in my house. So I ran out to a hardware store to buy more padlocks and some other stuff. Come in the house and noticed I left the bag of padlocks I bought in my car. Go out to my car and noticed I forgot my keys. Head back and my door is locked. Locked out of my house and car. Through the window I can see my lock picking set on the kitchen table, mocking me.

I have decided to never share this story with my wife.

load more comments (1 replies)
[–] [email protected] 12 points 1 year ago (1 children)

So, disregarding physical brute force (because that lock bypass method will never change), let's say a smart lock today is functionally equivalent to a traditional lock in terms of security. How's that smart lock going to look in 5 years? In 10? When is the manufacturer going to abandon the product and stop providing security updates? It's only a matter of time before whatever firmware it shipped with becomes obsolete. And then it's just one more thing on the list of pwnd devices that unscrupulous actors can access at will. Your friendly neighborhood junkie in search of quick cash might not know the difference, but a list of people that have e-Lock v2.2 would be very lucrative to the types of people that run the current smash and grab operations.

Soft/firmware obsolescence is a thing with any "smart" device, but it becomes especially egregious when it's built into what are traditionally durable devices like appliances. And even more so when it's something embedded, like a lock, outlet, etc. It becomes "replace that light fixture, or leave that vulnerability on the network." A lock takes that from "someone can waltz into my home network" to "someone can waltz through my front door."

load more comments (1 replies)
[–] [email protected] 11 points 1 year ago (10 children)

if someone wants in, a lock wont even slow them down. check out lock-picking lawyer

load more comments (10 replies)
[–] [email protected] 11 points 1 year ago* (last edited 1 year ago) (1 children)

It depends on your threat vector. In the academic sense they're less secure but if you often loan out keys they're more secure because you don't have to give someone the key. If you often forget to lock the door they're more secure because you can do it remotely.

load more comments (1 replies)
load more comments
view more: next ›