this post was submitted on 06 Sep 2023
223 points (95.9% liked)

No Stupid Questions

35703 readers
3813 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.



Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.



Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here.



Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 1 year ago
MODERATORS
 
top 50 comments
sorted by: hot top controversial new old
[–] slazer2au@lemmy.world 112 points 1 year ago (8 children)

Less. Look at any Lockpicking Lawyer video on YouTube as he demonstrates in real time how bad they are. Most of his videos are under 5 min

If you want to really turn yourself off smart locks check out any DefCon talk about smart locks or "smart" devices in general.

[–] dogslayeggs@lemmy.world 87 points 1 year ago (1 children)

And most dumb locks can also be picked in under 5 minutes. The difference is a smart lock can alert me when someone who isn't me opens the door or leaves it open. Of course, most burglars are just going to break a window to get in.

[–] Madison420@lemmy.world 25 points 1 year ago (2 children)

There should be a separation between fully mechanical locks with electronic monitoring (ideal) and a mechanical lock with vital electronic components.

load more comments (2 replies)
load more comments (4 replies)
[–] Izzy@lemmy.world 71 points 1 year ago (5 children)

If there is no keyhole to pick then it is probably marginally more secure, but if a burglar wants to get into your home then no door lock is going to stop them. They could just break it or break your windows.

[–] stevehobbes@lemm.ee 46 points 1 year ago (4 children)

This is it. The weakest part of most doors is the door. A sledge hammer will go through a door or window regardless of the lock.

Smart locks are way more convenient and the ability to grant timed access and unique access controls probably makes them more secure.

load more comments (4 replies)
[–] mojo@lemm.ee 20 points 1 year ago (1 children)

Nah, that's why I run linux

load more comments (1 replies)
[–] silentdon@lemmy.world 11 points 1 year ago* (last edited 1 year ago)

I had a metal door and an iron gate inside with shitty locks. Burglers broke the locks and got in.

I replaced the door and got great locks. The locks held up fine but they broke the gate right out of the wall and got in.

If someone wants to get in, they will.

load more comments (2 replies)
[–] fubo@lemmy.world 49 points 1 year ago (6 children)

Against what sort of attack? Who's the attacker? What capabilities do they have? What do they want?


There's a saying, "locks are to keep your friends out." If someone really means you harm, a lock is not going to keep them out: they can smash a window, break down the door, or hit you with a rubber hose until you give them your keys or passwords. This applies no matter what kind of lock you have.

But a lock represents a social barrier: everyone knows that trying to defeat someone else's lock is a hostile act. The law recognizes this in many places: breaking-and-entering is a more severe crime than trespassing.

A lock may slow down an attacker. It may redirect an attacker to go after your neighbor's stuff instead of your stuff — but not if everyone has locks.


A password lock has some advantages over a key lock. You don't have to issue physical keys to everyone you want to allow in. Many allow you to create and revoke passwords separately — so you can grant a friend access to your house while you're away, and then revoke it when they no longer need it.

However, a password lock also has some disadvantages. If you give a password to one person, that person can easily give it to everyone. That's a lot harder with a physical key, because they'd have to go make a lot of copies of that key — which, if nothing else, costs money and time.

A computerized lock can create an audit trail: it can record when it was opened, and even which credentials (passwords, keys, ...) were used to unlock it.

Any lock can have vulnerabilities — most common key locks can be picked; computerized locks can be attacked through their computer hardware or software.

[–] Late2TheParty@lemmy.world 31 points 1 year ago (1 children)

Thanks for reminding me of this XKCD gem!

https://xkcd.com/538/

[–] fubo@lemmy.world 18 points 1 year ago (1 children)

https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis

In cryptography, rubber-hose cryptanalysis is a euphemism for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture—such as beating that person with a rubber hose, hence the name—in contrast to a mathematical or technical cryptanalytic attack.

load more comments (1 replies)
[–] cloudless@feddit.uk 8 points 1 year ago (2 children)

It is for a house in a residential area, and I don't keep a lot of valuables in the house. I wish I knew who the attacker would be, so I can catch them with pre-crime.

[–] fubo@lemmy.world 12 points 1 year ago* (last edited 1 year ago) (3 children)

If you're concerned about burglars, one problem is that if they decide to hit your house, they can just break a window.

Where I live, burglars often hit cars rather than houses; and they're very willing to break windows to get in, especially if they see something valuable in the car. They spend no time trying to defeat the locks — hell, some don't even check if the car is locked. They're pros; they've practiced smashing a window and looting the car quickly.

A lot of the loss due to burglary is the damage the burglar does on the way in, rather than the value of the things stolen. And upgrading locks does nothing to reduce this.

Maybe instead of upgrading your locks, you might be better off spending the same amount of money upgrading your insurance?

load more comments (3 replies)
load more comments (1 replies)
load more comments (4 replies)
[–] zxqwas@lemmy.world 45 points 1 year ago (2 children)

They have a regular backup cylinder that has all the vulnerabilities of a regular lock.

On top of that they have a bunch of electronics that can be vulnerable.

I can't see how it would be possible for them to be more secure unless you're someone who leaves their keys around a lot and a smart lock would let you not have a key on you.

[–] lud@lemm.ee 13 points 1 year ago

They don't have to have a backup cylinder. The most common kind (Yale doorman) where I live doesn't have one. If the Internal battery goes out you can plug in a 9V battery from the outside to power it.

[–] Tnaeriv@sopuli.xyz 12 points 1 year ago

Even worse, quite often those backup locks are very cheap

[–] rufus@discuss.tchncs.de 39 points 1 year ago (2 children)

Thieves don't pick locks or hack them. You mostly want to protect against brute force.

[–] UPGRAYEDD@lemmy.world 22 points 1 year ago* (last edited 1 year ago) (7 children)

I worked for a company that designed home security devices for a few years.. Pretty much everyone i talked to agreed there is only 1 actually good security device that is an effective deterrent. Its called "Large Scary Dog". Every other device is there just to notify you that all your shit is soon to be or already gone.

On the other hand, these digital locks, while not any safer, are much more convenient. I am all in on not having to carry keys and instead have a code to enter or some other easy access.

[–] c0mbatbag3l@lemmy.world 8 points 1 year ago (2 children)

Most dogs are fine if you just carry treats and act polite. I've seen plenty of dogs just let intruders in because they were kind to them.

load more comments (2 replies)
load more comments (6 replies)
[–] kryptonianCodeMonkey@lemmy.world 22 points 1 year ago (3 children)

A lock is never weaker than a window. If someone wants in your house, there are ways that don't have anything to do with your locks. Locks of any quality largely work by deterrence, rather than actual pickability or durability. If I have to literally break something to get in, I'm drawing attention to myself and immediately putting a count down on my robbery before a cop shows up or witnesses get a better look at me, my vehicle, etc. So it's already not worth it for most petty thieves.

[–] variants@possumpat.io 17 points 1 year ago (1 children)

when some thieves broke into my neighbors house they first rang the door bell a few times to make sure no one was home, after that they hopped the fence and went window to window until they found one that was unlocked and went in that way

Yup. Path of least resistance

load more comments (2 replies)
[–] betwixthewires@lemmy.basedcount.com 39 points 1 year ago (12 children)

Anything with added complexity will have a larger attack surface and more failure modes.

load more comments (12 replies)
[–] booly@sh.itjust.works 39 points 1 year ago (2 children)

Things might be different by now, but when I was researching this I decided on the Yale x Nest.

It's more secure than a keyed lock in the following ways:

  • Can't be picked (no physical keyhole).
  • Codes can be revoked or time-gated (for example, you can set the dog walker's code to work only at the time of day they're expected to come by).
  • Guest codes can be set to provide real-time notifications when used.
  • The lock keeps a detailed log of every time it's used.
  • The lock can be set to automatically lock the door after a certain amount of time.

It's less secure than a physical traditional lock in the following ways:

  • Compromise of a keycode isn't as obvious as losing a key, so you might not change a compromised keycode the same way you might change a lost key.
  • People can theoretically see a code being punched in, or intercept compromised communications to use it.
  • Compromised app or login could be used to assign new codes or remotely unlock

It's basically the same level of security in the following ways:

  • The deadbolt can still be defeated with the same physical weaknesses that a typical deadbolt has: blunt force, cutting with a saw, etc.
  • The windows and doors are probably just generally weak around your house, to where a determined burglar can get in no matter what lock you use.
  • Works like normal without power or network connection (just can't be remotely unlocked or reprogrammed to add/revoke codes if not online)

Overall, I'd say it's more secure against real-world risk, where the weakest link tends to be the people you share your keys with.

[–] T156@lemmy.world 16 points 1 year ago (1 children)

Some smart locks are vulnerable to being manipulated with a magnet, if they're poorly designed, since someone can just manipulate the motor from outside.

load more comments (1 replies)
[–] zik@lemmy.world 10 points 1 year ago* (last edited 1 year ago) (1 children)

But since smart locks generally also have a traditional mechanical mechanism for backup, aren't they inherently always less secure than a traditional lock since you can find the weakest link in either of the two mechanisms?

[–] Bongles@lemm.ee 13 points 1 year ago (1 children)

Usually yes, but this person is saying theirs does not have a physical keyhole.

load more comments (1 replies)
[–] Hildegarde@lemmy.world 31 points 1 year ago (2 children)

Every one of the locks pictured have a traditional lock as a backup. Therefore, none of those smartlocks could ever be more secure. Even if the smart parts were 100% flawless, the lock will have all the weaknesses of a traditional door lock because one is included as a backup.

If you were to spend an equal cost on a lock, you will get more security from the traditional lock because all the budget can be spent on the lock instead of split between the lock and the electronics.

But how valuable is the security of the lock anyway? The weakest part of your home is the windows. If someone wanted to break into your house they can break your windows and climb through regardless what lock you have on the front door.

[–] fr_mg@lemmy.world 10 points 1 year ago

There is a movie from 1992 with Robert Redford, "Sneakers". It is about a team of hackers, in a scene they face a door with an unexpected smart lock and find the right strategy, just kick the f* door.

load more comments (1 replies)
[–] Treczoks@lemmy.world 31 points 1 year ago (1 children)

Ask the lockpicking lawyer. He regularly opens them on YouTube. On the other hand, he opens about anything. But those "smart" locks usually have additional weaknesses.

[–] Zikeji@programming.dev 10 points 1 year ago (1 children)

It's why I went with an inside only smart lock (I have an August that's been running like a champ for half a decade). A door lock is a deterrent in the first place, and I don't expect it to ever stop someone sufficiently motivated. Hell, I broke through an exterior door by accident when I was a young teen - haven't trusted them since.

However, if some cheat came out (like some of LPL's "just hold a powerful magnet" locks) I'd rather not have an obvious smart lock that can be picked out from the street.

[–] Treczoks@lemmy.world 7 points 1 year ago

Yep. As soon as you consider a lock, look up whether the LPL had it done, and how he rated it.

[–] HubertManne@kbin.social 24 points 1 year ago (2 children)

A smart lock with a keyhole is never going to be more secure than a standard key lock as it is a standard key lock. Now that being said if the door will let you know every time its opened you could possibly head something off

load more comments (2 replies)
[–] belzebubb@lemmus.org 18 points 1 year ago (1 children)

I know smartlocks have had their share of vulerabilities. I remember 3 or 4 years ago hearing about things such as sending codes un-encrypted over wifi or basing their security on MAC addresses alone. Both are practically a 'key on top of the doormat' travesty. THis may have got better. I think the issue is that manufacturers jump at a market without having much knowledge of IT security. Similar to whats happening with the connectivity of cars. The fact that most peeps in IT security(ok, they might lean towards the paranoid) will not have a smart lock on their house is enough for me for the time being.

[–] thann@lemmy.world 7 points 1 year ago

Yeah, the security of the commercial smart locks is a disaster, so I had to program my own lol

https://github.com/thann/doorbot

[–] Hazdaz@lemmy.world 18 points 1 year ago (2 children)

Far too many smart locks that are connected to a deadbolt use an actuator which can be tripped with a powerful magnet. No way would I trust them.

The LPL would have had to test them for me to trust them.

load more comments (2 replies)
[–] YoBuckStopsHere@lemmy.world 14 points 1 year ago (1 children)

A dog with a loud bark will always be more effective than any lock or security system. My border collie is a super lovable dog but her bark is designed to scare off wolves. It's sounds mean and scary. Truly one whose bark is worse than the bite. She hasn't ever bit a human but she pinned a pit bull that challenged her and gave him a bite to remember.

[–] over_clox@lemmy.world 17 points 1 year ago* (last edited 1 year ago)

My late father would say "A lock only keeps an honest man honest".

If a criminal really wants to break in, they'll find a way...

Edit: Meant to post that as a top level comment, but whatever LOL!

[–] JackbyDev@programming.dev 11 points 1 year ago* (last edited 1 year ago) (1 children)

It depends on your threat vector. In the academic sense they're less secure but if you often loan out keys they're more secure because you don't have to give someone the key. If you often forget to lock the door they're more secure because you can do it remotely.

load more comments (1 replies)
[–] CoughingwithCoffee@lemmy.world 11 points 1 year ago (2 children)

I feel sorry for my neighbor who has to repeat whatever phrase his smartlock accepts over and over while being locked out of his house.

[–] afraid_of_zombies@lemmy.world 39 points 1 year ago

I got a lock pick set and was pretty happy learning how to pick all the locks in my house. So I ran out to a hardware store to buy more padlocks and some other stuff. Come in the house and noticed I left the bag of padlocks I bought in my car. Go out to my car and noticed I forgot my keys. Head back and my door is locked. Locked out of my house and car. Through the window I can see my lock picking set on the kitchen table, mocking me.

I have decided to never share this story with my wife.

load more comments (1 replies)
[–] UncleBadTouch@lemmy.ca 9 points 1 year ago (1 children)

if someone wants in, a lock wont even slow them down. check out lock-picking lawyer

[–] Shurimal@kbin.social 9 points 1 year ago (8 children)

Burglars won't pick locks, though. Breaking the door, door fixture or the window next to the door is much faster, easier and requires very little skill.

load more comments (8 replies)
[–] MegaUltraChicken@lemmy.world 9 points 1 year ago

I pick locks as a hobby. Your door lock is almost never the point of attack. It's way easier to break the door or windows. Only time picking would be useful is if you need to conceal that you've entered, which burglars don't typically care about.

From what I've seen? Considerably less secure.

Many of them feature a normal pin-tumbler lock cylinder as a backup in case the electronics fail, and best case scenario it's going to be as mediocre as any old Kwikset hanging on the peg on the comedy aisle at Lowe's. So you're probably still vulnerable to key theft, key duplication, picking, combing, raking, jiggling, etc.

Then there's the electronics. A surprising number of them rely on either a solenoid to directly operate the latch/bolt, or a relay that energizes a motor to do the same, both of these are vulnerable to attacks by magnets. A stupid number of them are vulnerable to disassembly attacks. There are trace evidence attacks such as looking at the keypad and noticing where all the fingerprints are, there's just watching you dial the combination...

And the smart phone app driven ones...sure, let's send a signal that means "I just got home" across the internet. That sounds safe.

[–] AnalogyAddict@lemmy.world 8 points 1 year ago* (last edited 1 year ago)

In my case, definitely more secure. If I'd given my kids a key, my ex was likely to copy it without my knowledge. With a code, I could tell them to go ahead and give him the code if he pressured them, then just change it.

And I still have a non-electronic deadbolt.

load more comments
view more: next ›