by UrMomReadsHN 4155 days ago
There are insurance issues to consider...

If you report to your insurance company you have a deadbolt and then your house gets broken into. (Perhaps due to a flaw in the software?) Now your insurance company finds out you have a Bluetooth doohickey on your door rather than a physically locked deadlock lock. Your insurance now won't pay up.

I'm not sure how much those Proxcards that every business in the world uses cost, but they sure are time tested and convenient. Probably expensive though. I believe they are RFID.

Don't put this on your rental property either until you consult your local laws regarding requirements for doors and locks for rentals to see if this meets the requirements.

6 comments

No offense but what's the evidentiary basis for these statements? Are you in the insurance business, or in the lock business?

I work for a company that makes many types of locks and currently is developing NFC and BLE solutions.

The fact is, any kind of lock is vulnerable to a determined and skillful attacker. There are BLE locks that "phone home" to check a password before they'll open; there are NFC locks that are actuated by RF-powered NFC chips that are almost un-crackable except by the Chinese Army or similar organizations.

Then there are conventional badges, key cards and physical keys in universal use, that are rather easily cracked or copied.

Vulnerabilities are already factored into insurance rates. The advantage of a connected BLE or NFC entry system is that it can require a remote login before the door will open. For example, enter the BLE region, the app pops up and prompts you for a PIN, then actuates the unlocking mechanism using an encrypted protocol. No technology is perfectly secure, but these technologies do present great possibilities for improving on current approaches to access control.

> No offense but what's the evidentiary basis for these statements? Are you in the insurance business, or in the lock business?

No. It was a hypothetical situation to CONSIDER. Everyone's situation is different. You should consider what insurance ramifications would be and make sure you are reporting accurately to your insurance company, because inaccuracies can potentially have bad consequences. Unknowingly. Unlikely, but worth looking into first. Check the wording on your policy, it may list things that are disallowed. It may have a different category for electronic locks (and you may even get a discount!) Not saying this is insecure or a physical lock is better, but its use may be excluded in your policy for whatever stupid or non-stupid reason. Check it. That's all I'm saying.

You read my post wrong.

The issue he (and I) have is that this is worst-first thinking. Sure, your insurance company could deny you coverage, but it's very unlikely. In the absence of evidence that insurance companies do this (and insurance regulators allow it), we should act under the more likely outcome rather than a hypothetical worst-case scenario.

That's why he asked if you were in the lock or insurance industry. Someone with experience in these matters would be qualified to speculate on the importance of taking this into consideration. Without that expertise, rhetoric like this feels like advice to always wear a helmet in case of flying debris. Well-meaning, but unrealistic.

I work in an industry that is highly regulated and law and policy must be followed to a T. Our policies are extremely specific.

It isn't "worst-first" thinking, it is "ok, I'm replacing a critical component, does this replacement meet all the required specifications of the thing I am replacing it with? What are the potential consequences?" Which takes almost no time, it's just a question that needs to be answered in my field.

Perhaps my work in such a regulated environment has taught me to think that way.

I have family in the insurance business, and they've talked about having to deny claims for various (kinda silly in a way) reasons. And getting death threats because of it...

> I'm not sure how much those Proxcards that every business in the world uses costs, but they sure are time tested and convenient. Probably expensive though.

I installed a proximity card system a few jobs ago, and each IP-enabled reader from HID (http://www.hidglobal.com/products/readers/iclass/rw400) was about $550 for both the external RFID interface and then the internal in-wall control unit (that used PoE Ethernet to connect to the network). The cost per card is fairly trivial.

> Don't put this on your rental property either until you consult your local laws regarding requirements for doors and locks for rentals to see if this meets the requirements.

There are no code issues with this as long as if power fails, internal occupants can still exit the building (fire code).

> There are no code issues with this

How do you know? Landlord tenant laws are incredibly local (you can't possibly know all of them for all locales in the world) and can be very specific and probably haven't gotten caught up to new technology. My town (just the town!) has a 30+ page document on what a landlord has to provide a tenant written in very VERY specific terms. That's not even considering state laws. And federal.

Because a proximity card is no different than a physical key, and any door that uses a proximity card is going to use an electric strike plate which is already in use to allow tenants to buzz guests in remotely.

I admit there may be some batshit insane locale that prohibits RFID access control, but it's not a concern for almost everyone else.

Disclaimer: I have been a landlord previously, in several Illinois cities.

Holy crap, yes, I agree, proxcards are the same as physical keys and are no more or less secure or insecure. Everything has its benefits and weaknesses. However, it's worth taking 5 minutes to consult your laws to see if what you're doing is legal even if it "should" be. Laws can be (and are all the time) written by people who don't understand the issues at hand. An ounce of prevention is worth a pound of cure, and all that. You don't want to (potentially) have issues down the line that are very very easily preventable.

I deal with extremely detailed regulations and policy on a regular basis (I work in a very regulated field) and we MUST do things that are very specific all the time. We need to follow the letter of the law (not just the intention). Looking up "hey, can I do this?" is part of my job, so I'm ALWAYS thinking that way. Policy is usually one step back from new technology. You may have laws and regulations that detail specific technologies that may be used in different applications.

Proximity cards themselves are secure, but usually the thing that opens the door isn't: https://www.youtube.com/watch?v=Bttr7fEfxiE

Most RFID proximity cards have some fairly large security issues - http://cq.cx/proxmark3.pl

Thanks for the interesting read. :)

Insurance is designed to cover loss in case of accidents, natural disaster, etc.

You can't say your homeowner's insurance won't cover you because your house burned down because you were cooking and you aren't a world-class chef.

Huh?

My insurance covers me in the case of theft. When I applied for my policy the adjuster asked me questions about my physical security. Do I have a deadbolt? Security system? Things like that. These variables (along with others, crime rate of my neighborhood, for example) were plugged in and I was given a policy with a premium tailored to my risk. If I lie about my risk to get a lower premium, then if I make a claim, then I won't be covered.

Consider a 100% purely hypothetical situation where I told my insurance company I have a deadbolt on my door. They issue me a policy based on that information. This policy has language in it that defines what a deadbolt is. I then replace my deadbolt with something that doesn't fit the language of my policy. I make a claim, and an insurance adjuster comes to my house. They notice that I was using a tool to secure my door that didn't fit with my policy language. Now I won't be covered because I didn't follow the policy.

Of course that's entirely hypothetical. Maybe (probably?) not even likely. But since it takes all of 5 minutes to verify if the new lock you are installing is compatible with your insurance policy, it would be braindead to not check.

Just something to consider...

The argument isn't whether or not you have a deadbolt, but rather that the technology used in the deadbolt will sway an insurance company not to pay the claim.

Using a Bluetooth deadbolt can be compared to using a lock with Medeco biaxial pins. The insurance company finds out that Medeco biaxial pins are easier to break into with specialized tools and they deny your claim.

This is a moot point, so I would suggest an easier way to break into your home that doesn't require advanced tech skills: use a rock to break a window ;)

You could literally never lock your doors and your insurance company will still pay up. Your post is painfully misinformed.

My insurance excludes coverage for neglect.

Neglect is defined as "neglect of an insured to use all reasonable means to save and preserve property at and after the time of loss."

My insurance adjuster also asked me specifically about deadbolts.