[OrangeTux]

> DO NOT. Ever. Buy. A smart lock. You’re better off with the “dumb” ones with keys.

Well, physical locks are not necessary harder to pick lock than electronic locks. Buy your self a pick lock set, practice a bit and be amazed how many locks you can pick.

[josephwegner]

The same rule applies to smart locks as applies to dumb locks: A lock does no more than keep an honest man, honest.

Any monkey can buy lock picks and pick a door lock. It's not hard. Generally if you buy a decent rake, it'll open most locks quickly. It's arguably much more work to hack the _smart_ side of a lock than it is to just pick the _dumb_ part.

The caveat here is that smart locks are often "picked" en masse - once you break one in a lab, you can immediately and silently do the same to the rest globally. This is similar to software hacking.

The guidance here should be to only purchase smart locks from vendors that you can trust to patch zero-days quickly. How you qualify a vendor as such is a mystery - I don't know that there's been enough zero days on smart locks to verify.

[herpderperator]

I think you'll be surprised. You should watch some of these videos: https://www.youtube.com/channel/UCm9K6rby98W8JigLoZOh6FQ - choose any one of his videos. It'll be picked in under a minute.

[dogma1138]

LPL is an amazing lock picker, anyone with this level of skill is much better off working as a locksmith or a security consultant.

Most B&E’s aren’t exactly executed by master thieves they aren’t single pin picking your locks.

When selecting a door lock or a pad lock you should care only that it can be raked or bypassed, for bike locks you should also care that it can’t be easily cut.

For the most part your door is likely going to be the weakest link as most people don’t have reinforced doors and door frames.

[e12e]

Many people even install glass windows.

[NikkiA]

Smashing a window is unnessecary noise.

I've been burgled 4 times in my life, all 4 were either jimmied window or jimmied door (usually a screwdriver as a prying tool).

[ChrisRR]

4 times? Where do you live just out of interest?

[NikkiA]

I don't live there any more, but 3 times were Middlesbrough UK, the 4th was in Mountain View, CA.

[tendencydriven]

Why? You looking to make it 5 times?

[hvidgaard]

I happen to like a challenge, and I can say through experience that picking any modern reasonably priced lock is not something you learn in a week. Besides, the vast majority of burglars do not pick locks - they pry open doors or windows, and if they cannot they either find a different house or break a window.

[SAI_Peregrinus]

LPL is one of the best pickers in the world. He's one of about 10 people I know of who's ever picked a Mul-T-Lock MT5+, for example. His picking attacks are by no means typical. He also practices picking each lock before making the pick on video. That makes for better (faster) video, but is less real-world. Bosnianbill does more real-world style picking (and is only very slightly behind LPL in skill).

LPL's real good videos are his physical attacks. Whether it's twisting, core pulling, or breaking out the Ramset, all are more likely than a criminal trying to SPP a lock.

[ChrisRR]

Lockpickinglawyer is an absolute expert in his field though.

There's a difference between using a lock that requires an expert to pick, vs a smart lock that requires an expert to write an app that anyone can use to hack the lock.

[ssully]

I had my house broken into once and they just used a crowbar. My neighbor heard them do it, but assumed someone was just doing some work outside.

I get why people are hard on smart locks, but I really don't see them as any more insecure then regular locks.

[pdkl95]

One of the problems with many "smart" locks is that they tend to be made by people that don't have a lot of experience making locks. Many smart locks are vulnerable to many types of physical attack, including very old exploits that most locks (even many cheap locks) defend against.

For example, here[1] is a "keyless bluetooth padlock" that can be opened trivially by rapping the locking pall with any hammar-like tool ("rock"). (it also has far too much around the shackle, so can also be opened with a a simple shim (e.g. a small cutout from a cola can). Another common problem are locks that don't seal their electronics securely, so they can be attacked by simply unscrewing a panel, ripping out the electronics. and touching the battery wires to the locking pal's actuator.

However, that type of problem are simply poor designs. In theory, in the future better designs could be made that include protections against well-known attack methods similar to what is already included in many "regular" locks.

A fundamental concern with locks that depend on radio (or worse, the internet) is what the lock does when when the radio/internet communication fails (for any reason). Does the lock fail-open, or fail-closed[2]? Did the lock even address this important question? Does the lock open if someone unplugs the router? Or does it trap people behind the lock if a fire destroys the cable/DSL modem? Physical locks also have failure-mode concerns, but they tend to be limited to something happening locally, With "smart" devices, you are adding remote resources (like the internet router in another room, or remote servers, etc) as a critical component of the lock's security. That is a terrible idea if you that remote resource is intrinsically outside your control.

[1] https://www.youtube.com/watch?v=vIbXC5LR8aQ

[2] https://en.wikipedia.org/wiki/Fail-safe#Fail_safe_and_fail_s...

[e12e]

There are limits to how secure your house can (should) be without violating fire regulations (if applicable) - or safety.

If there's a fire or medical emergency (heart attack, allergic reaction/anaphylactic shock etc) - you generally don't want it to be too hard to break in...

[TylerE]

The lock is only as good as the door it's attached to.. and the doors in a lot of new construction (especially in suburban McMansions) is really bad. You could probably kick most of 'em in.

[harrisonjackson]

Agreed. I've also learned the hard way that a heavy boot kicks through a door and windows are made of this easy to break material. Given access and time/privacy, there aren't many things that are secure from people that want inside.