August Smart Lock
august.com
Locks are the kind of thing that you don't want computerized unless it involves biometrics. The 'tech-it-all' attitude is getting kind of tiresome. I've had newer washers with spin alignment sensors that break every year as opposed to my old analog washer that lasted 20 years. A lock simply shouldn't have any hackable components. A microcontroller with wireless connectivity inside of a lock is the kind of ignorance that the 'omg, tech' attitude invites. As much as I like technical people, there are some folk who will orgasm at anything that has a microcontroller on it - I'm kind of ashamed of those folk - tech is a means to an end, not something you need to turn everything into.
I will say this is very cool though. I would not use it or recommend others do because the components and firmware are NOT open-source, and therefore it cannot be audited and is a HUGE security risk.
It seems cool but I have a couple of concerns. Firstly, how exactly is it detecting when someone is nearby? The iPhone doesn't have NFC for example and GPS isn't exactly the most accurate thing in the world. Secondly, it seems as though the device somehow connects to a front panel with a direct shaft to move the lock mechanism, it seems as though it would be fairly easy to compromise with a bit of brute force. How solid is the front panel? The large size also gives a lot of leverage for breaking off.
The site says it uses Bluetooth and attaches to a standard deadbolt (that panel is presumably only on the inside of the door).
It's not particularly difficult to use two devices to act as a Bluetooth mirror and rob someone's house by just walking next to them for 5 seconds.
I doubt the phone is just constantly broadcasting an unlock code. If it's correctly designed, the lock and the phone would authenticate each other cryptographically using a nonce or time/date to prevent replay attacks.
And that doesn't mean anything when the signal is mirrored in duplex. We're talking about EMG, a wireless signal, not quantum bits that can be secured against reflection.
It isn't a man-in-the-middle attack, because nothing is being altered; crypto doesn't mean shit.
I'd call it a man-in-the-mirror attack ;-) The receiver/sender can't tell the difference.
Automatic unlock is a huge vulnerability.
I would not trust a company that doesn't bother to even mention these issues, even if they've defeated them, which I highly highly doubt. This product plays on the convenience factor, and does not really address anything technical. Cute, but no thanks. I'd rather have a safe house than a hipsterly cute one.
Say it with me now:
Physical locks aren't unbreakable. A deadbolt does not make your house a fortress.
I am all for good data security here, but if someone has targeted you to the point of following you around to clone your phone's interaction with your front door, I am pretty sure the glass windows provide a far easier target. Most of them can be just lifted out of their frame.
Yes, it could be breakable. No, it is no less secure than an existing deadbolt. Threat model matters.
I'm not 5. I don't need to 'say it with you now.' Take that smug attitude and shove it up your ass.
Physical locks with heavy-set sprung pins, double shear lines, mushroom pins, and additional security features can be almost unbreakable given the amount of effort and noise that picking or breaking them will incur.
Your post is a contrite logical fallacy. The Bluetooth mirror is trivial to execute once the mirror is created. No one has to 'follow around'; they walk next to you for 2 seconds, the signal is transferred bidirectionally, and the door unlocks.
Yes, it is way less secure than an existing deadbolt. Your post is akin to saying a new operating system is secure because no viruses have been coded for it. And we might as well put shitty locks on our doors, because they can break in through the window anyways... right... and no one has bars on their windows, because you don't?
Now, say it with me: "I'm okay with lax security, so everyone else should be too."
Also say: "I don't know shit about pin-tumbler locks, so I can make posts about security to misinform other people."
Now slap yourself twice for being a dolt. Thanks, class. Now back to nap time.
If you alter nothing when you replay the signal later, the door won't open because the "number used once" was used twice and/or the timestamp is wrong.
In order to arbitrarily generate a correct unlock signal, you would need to know the phone's key so as to encrypt and sign an unlock message containing the correct date. You can't do that unless you've broken the crypto.
Are you talking about moving the radio signal between the victim and the door live while he's out and about? That's clever, but the attack could be easily precluded by requiring his approval (on the phone) before sending an unlock message. Which he won't give unless he's at his front door.
I see the product includes Automatic Unlock as a feature, but as long as it's optional I see no problem. Unless your threat model includes Ocean's 11-style thieves and government agents, that's pretty freaking unlikely; anyone that sophisticated would probably have an easier time picking your $25 deadbolt, social engineering the landlord, breaking a window, etc. anyway.
If your threat model does include these things, what are you doing buying consumer security hardware anyway?
The threat model will eventually include these things if automatic unlock becomes the norm. Why be the first to experience theft at the hands of someone savvy enough to have an EMG mirror? It's not hard to make an EMG mirror for Bluetooth frequencies with two Arduinos or Raspberry Pi. It's literally a weekend project. I don't know why you're saying this attack requires Ocean's Eleven style planning. It's more of an amateur hobby project than anything intellectually clever.
And you can buy one for less than $100: http://www.sena.com/products/industrial_bluetooth/sd1000.php
So let me see, EV of robbery equals: Price of macbook + tv + jewelry, etc, etc, etc minus $100
Seems likely that you are gonna be robbed if anyone with mal-intention has any grain of understanding how easy it is to mirror an auto unlock signal...
Kwikset is already the norm, but the burglars in my area almost exclusively hit open garages, break windows, or pry open doors.
Picking and bumping these locks requires cheap, dumb hardware and minimal skill. Your attack requires two operatives and some tradecraft - choose a target that uses August and has auto-unlock turned on, shadow him, get within Bluetooth range at an opportune time, etc. It requires planning, skill, and coordination. That's a bit harder than bumping a Kwikset or breaking a window.
Also, some possible electronic countermeasures (in software):
1) Confirm proximity to the door with a GPS fix before sending an unlock signal. Require confirmation if location is unavailable. Yes, civilian GPS can be spoofed, but that's a pretty sophisticated hack for a burglar. We're now at a difficulty level on par with defeating even the most expensive mechanical locks.
2) Always ping the user when an automatic unlock signal is sent. If your phone tells you it's just opened your door while you're at Starbucks, you know there is an intrusion in progress and you can call the police.
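Added example, not part of the thread and not August's actual protocol: a toy HMAC challenge-response in Python showing that a nonce stops a replayed unlock tag but not a live relay, while countermeasure 1 above (location check, confirmation when no fix is available) makes the phone refuse to answer. The message format, 30 m radius, coordinates and all class and function names are assumptions made for illustration.

```python
import hashlib, hmac, math, os

DOOR = (40.0000, -75.0000)   # constructed door coordinates
CAFE = (40.0100, -75.0000)   # constructed point about 1.1 km from the door

def tag_for(key, nonce):
    return hmac.new(key, b"unlock" + nonce, hashlib.sha256).digest()

def distance_m(a, b):
    # Equirectangular approximation, adequate over a few kilometres.
    x = math.radians(b[1] - a[1]) * math.cos(math.radians((a[0] + b[0]) / 2))
    return 6371000 * math.hypot(x, math.radians(b[0] - a[0]))

class Lock:
    def __init__(self, key):
        self.key, self.pending = key, None
    def challenge(self):
        self.pending = os.urandom(16)             # fresh nonce per attempt
        return self.pending
    def verify(self, tag):
        nonce, self.pending = self.pending, None  # each nonce is single use
        if nonce is None or tag is None:
            return False
        return hmac.compare_digest(tag_for(self.key, nonce), tag)

class Phone:
    def __init__(self, key, check_location, radius_m=30):
        self.key, self.check_location, self.radius_m = key, check_location, radius_m
    def respond(self, nonce, gps_fix, user_confirms=False):
        if self.check_location:
            if gps_fix is None and not user_confirms:
                return None                       # no fix: need explicit approval
            if gps_fix is not None and distance_m(gps_fix, DOOR) > self.radius_m:
                return None                       # fix says we are not at the door
        return tag_for(self.key, nonce)

def run_scenarios():
    key = os.urandom(32)                          # constructed shared secret
    lock, naive, strict = Lock(key), Phone(key, False), Phone(key, True)
    old = naive.respond(lock.challenge(), DOOR)
    r = {"legit": lock.verify(old)}
    lock.challenge()
    r["replay"] = lock.verify(old)                # stale tag, new nonce
    r["relay_naive"] = lock.verify(naive.respond(lock.challenge(), CAFE))
    r["relay_strict"] = lock.verify(strict.respond(lock.challenge(), CAFE))
    r["no_fix"] = lock.verify(strict.respond(lock.challenge(), None))
    r["no_fix_confirmed"] = lock.verify(strict.respond(lock.challenge(), None, True))
    return r
```

The `relay_naive` case is the one the cryptography cannot catch: the tag is fresh and valid, so the refusal has to come from the phone's own policy.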
Correct me if I'm wrong, but can't somebody pull the batteries out from the outside and lock you inside your house?
No, that's on the inside. It replaces the "knob". The keyhole/tumbler remains on the outside so that it can be opened with a key.