[ale] Linux based door locks

Scott Plante splante at insightsys.com
Thu Jan 21 18:40:59 EST 2021 

Very few locks, electronic or otherwise, are very secure.
I get a kick out of the "Lock Picking Lawyer" channel sometimes:
https://www.youtube.com/c/lockpickinglawyer

While he does a lot of traditional lock picking, he also highlights some
shockingly easy lock bypasses like just looping over the inside handle with
film or string. e.g.
https://youtu.be/byYGPO4ptxs

A lot of the expensive corporate electronic locks can be defeated with a
magnet held in the right place, apparently. That video isn't coming up in
my history search quickly though.

The DefCon hacker conference usually has sessions on physical security
bypasses too. e.g.
https://youtu.be/3yKZqiYGYnA

Scott

On Thu, Jan 21, 2021 at 5:26 PM DJ-Pfulio via Ale <ale at ale.org> wrote:

> The DC404 email list might be worth checking out. Picking door locks of
> any sort are part of what a "red team" does.
>
> From just lurking, I get the impression that very few electronic door
> locks are actually secure. That industry has some crazy and terrible ideas
> when it comes to keyless entry. As with all things security, one-size
> doesn't fit everyone. The threats and attack vectors are key to
> understanding what level of effort and cost should be involved. A few hours
> spent searching, reading, and on youtube watching failed attempts at door
> security systems won't be wasted.
>
> OTOH, if you are trying to secure the outside shed with a doggy door and
> 20+ yr old lawn mower that currently has an $8 "Master Lock" (most are
> trivial to open), have fun and do whatever it is that you prefer.
>
> What is the actual threat model?  Perhaps a $cheap keyless entry system
> and webcam posting photos over a cellular data connection to a cloudy
> server you control every 10-30 seconds is the smarter solution?
> A battery powered circular saw can get into most homes in 2 minutes, if
> noise isn't any concern, but those guys will probably still be caught on
> video, especially if you have where they'd park in video coverage. DDG:
> "hacking electronic locks" for fun.
>
> Be careful hooking any lock into any voice activated cloudy "hub". Most
> IoT systems aren't anywhere near secure and certainly aren't private.
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20210121/6a1792d0/attachment.html>

More information about the Ale mailing list