by verandaguy_alt 2960 days ago
Coming from an infosec background and having touched on physical security, just don't use a smart lock:

- Best case, even with a responsible implementation, you're introducing more variables than are necessary into a supposedly secure system. If one of your dependencies fucks up, your lock is exploitable.

- Worst case, you have a typical IoT device, where the "S" stands for "security."

- In _either_ case, you're likely still going to include a physical lock mechanism for keys as a backup -- so you're basically just increasing the attack surface (significantly, I should add) by doing this.

Smart locks are currently high-risk appliances, and I'm fairly confident that most others with a security background will agree with me on that.


Agree entirely.

Look at the Brinks CompuSafe hack in 2015. Anything which increases the attack surface of a device reduces the security. In that case, a USB port.

And that wasn't even made by the lowest bidding startup.

But bad security that people will actually use is always going to be better than good security that they won't.

I know people that don't lock their doors because they don't want to deal with keys, or they forget to lock their doors all the time, or leave a key under a rock in front of their house.

For them, even a fairly insecure "smartlock" will be an improvement if it means they will actually use it.

You can't fix idiots. We already know that.

It's that kind of thinking that makes bad security.

Time and time again it's been shown that if you design systems that are hard to correctly secure or make significant compromises in the name of "security", they end up being insecure because people just won't use them or will actively seek ways around them.

You can't just handwave away issues like usability and pretend that you've designed the "perfect" system or something.

If you design a good/secure keypad lock but it doesn't give people an easy way to let their family member in the house when they are away, they are just going to give out the code, leading to less security overall. If you design a secure keypad lock without a tumbler, the first time the batteries die and the user is locked out of their house they are going to replace it with something that won't lock them out.

Usability needs to be a core aspect of secure engineering. And oftentimes a "technically less secure" option is better, because it's actually usable by normal people in most cases.

A 5-point harness is safer than your average seatbelt, but we don't use them because forcing every car to have a 5-point harness would just end up with fewer people using them.

I think you are right but introducing a new paradigm (usually smart) over a standard operating model is a mistake.

These are all problems we have solved for years before without the technology so there are established ways of handling the situations. Adding complexity and a different way of doing things actually makes it harder and riskier.

Coordinating how to use a smart lock between two people is harder than it looks.

I've had a remotely operable "smart lock" for the last 5+ years, and at no point did it ever make things worse or harder.

On many occasions I was able to get a call from a family member to let them in, and there were many hundreds of times that I was able to lock or ensure the door was locked after I left the home.

I really feel layering is the ideal way to achieve this, as it means that any "smart" capability is easily disabled if found to be a problem, and we know that the underlying system is sound.

In my case I use a deadbolt that has a keypad, and they separately sell a zwave plugin for it that gives me local control, then I layer on an open source "gateway" that gives me control and notifications when away from the house.

If the gateway fails or is untrustworthy, I turn it off and the rest still works. If the zwave is found to be faulty, I pull it out and still have a functioning lock.

And until major vulnerabilities are found in any part of the "smart" add-ons, or until my lock starts unlocking on its own, it has greatly increased the security of our house, as well as increased my quality of life. No more getting out of bed at night to check that the door was locked, no more turning around to lock the door because I forgot when I left, and it was great when I was showing my last house as I could enable/disable the codes when I wanted, and get notifications when people came and left.

I'm not saying all new tech is good, just that this fear that "smart" (read "connected") is a bad thing inherently, and that the "traditional" ways of doing things, while perfectly fine for many, are not a panacea which can't be improved upon. The steam engine was great, the ICE was better, today's hybrid extremely-efficient engines are still better. Sure it's gotten more complex, but also significantly safer, easier, more resilient, and more powerful. In other words, complexity should be managed, not forbidden.

Physical locks are trivially exploitable. I don't really see this as increasing the attack surface greatly when physical locks are so weak.

What would you do if you rent an apartment to several people per week? Because even "don't copy" keys can be copied.

Most smart locks only replace the "back" part of the lock anyway, or augment the physical key slot to leave it as a backup, so the point still stands that it only introduces new attack vectors. You'd still have the problem of someone being able to copy your "do not duplicate" key, not to mention bumping/picking the lock, along with hacking the smart portion of the lock.

In the end, it's your decision, but the OP's comment stands fully: all the same attack vectors still exist, along with a bunch of new ones at the expense of convenience.

> You'd still have the problem of someone being able to copy your "do not duplicate" key

Only if you distribute the “do not duplicate” key, but the whole point is to not do that.

I think the idea was you wouldn't have to give out the key to renters and could just give them passcode/phone access, so it actually would be removing an attack vector.

Use a keypad-controlled, reprogrammable door lock. No internet required, codes easily rotated.

https://www.homedepot.com/b/Hardware-Door-Hardware-Door-Lock...

If you're comfortable using a totally (physical) keyless solution, try a hotel-style mag strip-based access card, or an NFC alternative like a ProxCard.

AFAIK, most code-based locks include a physical lock cylinder as a backup.

Haven't those been found time and time again to be trivially exploitable?

That varies from brand to brand, but generally, yes. Given that it's happened to devices whose manufacturers have a long history of being part of large enterprise security mechanisms, flaws are still being found and actively exploited.

While this isn't an indicator of the quality of newer brands specifically, I believe it's reflective of the state of the industry as a whole -- in that digital physical security as a whole is still immature and shouldn't be trusted to keep bad guys (determined adversaries) at bay.

I feel that "digital physical security" might be limited, but it's still better or the same in most cases as regular old "physical security".

A lock that can be bumped isn't very secure. A lock that can be bumped or have its code discovered via some kind of power-monitoring attack isn't any less secure. But one without a keyway that can be attacked via power-monitoring is more secure in my opinion.

Everything is tradeoffs, and physical security is no different. Don't let perfect be the enemy of good here. If you are in the security industry, you should know that "bad" security that people will use is better than "good" security that people won't.

If a "smart lock" means I forget to lock my door less, I can monitor and record those who go into my house, and I can get alerts if the door is opened via any method, I'd call that a win even if there were pretty significant vulnerabilities that allowed an attacker physically present to get in.

If you're going to run an amateur hotel, then try to do what the hotels do.