Platform Security

While I agree that dumb locks and windows can be broken, by their nature connected devices are even more vulnerable. Most of the “smart” locks have all the vulnerabilities that dumb locks do based on physical exploits, plus all of the software based vulnerabilities as well. Plus, the scale at which devices could be defeated is a few orders of magnitude larger.

Old fashioned bad guy decides to break into old fashion lock. He breaks into one house.

Evil genius hacker bad guy disables ALL ABC Corp. smart locks across the tri-state area. Organized criminal gang hits 1000s of houses.

Of course in either case, if you live in the house being robbed, your stuff is just as gone.

And that is why we all carry insurance.

Seriously…

You can’t stop the bad guys. Only make you less of a target.

Buy a barking dog, or a sonos with a motion sensor that sounds like a barking dog.

Get a sign that says protected by remotely monitored alarm and surveillance. (doesn’t matter if its real, until the neighbor gets broken into and wants to see your footage)

The sky is falling, my door locks are hackable… Yeah, so is the computer you are on. Your identity is 100x times more likely to be stolen then the stuff behind a smart lock in your house.

Oh, and thankfully we still have law enforcement that will catch organized crime syndicates breaking into 1000s of houses. But then again, they have moved on to stealing identities and internet currencies anyway. They don’t want to have to carry my stuff out of my house when they can steal something that is weightless.

It’s a simple paradigm, why steal what you have to carry, when you can steal from 1000s without leaving your home?

No one is going to hack your home and unlock your doors and steal all your stuff. Yeah, some guy, somewhere claimed it happened. I read it on the internet.

Anyway. Security is an illusion. Don’t believe me, have you flown recently? Most important TSA number, how many people through the screening per hour. Not how many terrorists they have stopped.

But then again, if you see a black van parked down the street with the windows blacked out, you might want to block the door with something and bar the windows… Just saying…

1 Like

[quote=“ADamL, post:6, topic:19766”]
I would recommend that most people stay away from smart locks, garage openers, etc anything that can compromise the physical security of their dwelling unless the upsides far outweigh the downside, such as the case with people with disabilities. Stick to monitoring and lights. Maybe smart thermostats. Anything more too risky until this market is more mature.
[/quote]My house has a multitude of large windows and sliders at grade, so they are the weak link (openable via any large heavy object.) Not ever having to have a key, being able to give one use codes out to guests or workers, being able to remote unlock/lock the doors is priceless.

For me, the simple rule of automated doors is never automatically unlock them. As you said, persons with disabilities would probably be willing to exchange the additional risk of incorrect unlocking as well.

1 Like

Why is there any more risk in automatically unlocking based on presence sensors? As long as you’re intelligent about it and have the doors re-lock, you’re not really putting your home at more risk than with manual ‘connected’ locks.

1 Like

Simply due to false positives unlocking your door. Assuming it’s got a keypad anyway, you’re saving yourself the hassle of either punching in the code, pressing a button on a keyfob, or at worse using the app to unlock the door, for the risk of having smarthings unlock your door because it decided you were “home”.

I wouldn’t do it, but that’s just me.

Plus, why would you want your doors to be unlocked when you are home? I just use the auto lock feature and code entry parts of door locks. That way my doors are always locked and I can get in.

Tying a presence sensor to a door unlocking is a perfect example of I can do it, but should I do it?

Why would your mobile phone presence sensor show you as home when you’re no where near it? That’s really the only additional risk compared to limiting access to a PIN. If it’s tied to your ST hub, it’s at the same risk level, aside from a mobile presence error.

I’ve not ONCE seen ST mistakenly show a device ‘home’ when it was not. I have seen it the other way around, which is fine with me. I can see your fear of having the lock ‘connected’ at all, and it’s valid, but tying it to presence doesn’t change it much, and sure makes it handy when you’re walking up with arms full of groceries.

So, you arrive home, your doors unlock. Sure that’s convenient.

You are about to go to bed, you lock the doors.

The presence device hiccups and marks you away (default state) comes back online and now your code unlocks the door.

For the rest of the night, you are sleeping in a house with unlocked doors.

Sure, you could restrict the time, but seriously, same scenario exists during the day. You thought you locked the door, presence hiccups, it unlocks.

You take a shower or are in the basement and a “door to door” salesman comes to the door, looks in the window, sees no one is home, see’s that expensive gadget on the counter, tries the door, its unlocked… Easy pickings.

Again, not ST’s fault per sea, its really a user usage. Sure I’d like presence sensors and devices to be 100% accurate but that isn’t going to happen.

Do people actually allow the door to stay unlocked? Mine is set to a max of 120 seconds before re-locking, regardless of the contact sensor seeing activity.

1 Like

… which should definitely be a setting in the stock offering, but is not.

I’ve seen it show iPhones as home when across town, or when driving by the house at 65MPH 2 miles away, or when at home (doing the “weirdly away… no wait, home” dance.)

Android isn’t much better. Presence fobs aren’t either. For example, I have a fob that is sitting by the hub - it never moves, it just sits there. It shows itself as away at least a few times a week.

The FOB disappearing shouldn’t be a huge problem, but yeah I see there being a slight risk in these super rare situations, but then the door will re-lock after your timeout.

The fob teleporting and returning is rare for some people, but frequent for others. Mine leaves many times a day, due to local WiFi interference. I spent months working with support, no fix.

So I instituted an occupancy approach as described below. It still teleports, but it no longer triggers actions when it does.

This solves most of the examples given in this thread. :sunglasses:

1 Like

I think that’s a neat solution, but you could solve the coming and going with a bit of logic… Like, unless the presence sensor is gone for at least 30 minutes, do not unlock on arrival. That sort of stuff. You could probably also use an IFTTT/tasker solution where your phone uses Wi-Fi to also help trigger occupancy.

1 Like

A possibly “ideal” high-security configuration is two-factor authentication for your lock!

i.e., Your lock PIN pad code should not function unless your presence device also indicates “present”.

If you don’t have a PIN pad on the lock or want an alternative 2FA method regardless, you can and use carry a multi-Button Controller instead. They only work when “in range”, are securely related to your hub (ie, cannot be spoofed), and thus it is an excellent physical token that only “activates” upon PIN entry.

I want to get my associated SmartApp out of Beta… But this demonstrates the concept.

Ideal for some people. Not for those of us who need a touch-free solution.

1 Like

Yup, the eternal conflict between easy to use / accessible and highly secure / stable.

3 Likes

Where one factor is “entered unlock code” :wink:

1 Like

Yes. I thought that was clear when I referred to the lock’s built in PIN keypad.

The second factor is some sort of personal presence identification device.

If the lock does not have a keypad or you enter via automated garage, etc., there are plenty of options (unlock phone to activate Bluetooth lock, etc, or my Button Controller SmartApp I shamelessly promote.).

This would be great!