Best unhackabele smart lock

[lenovomen]

Hello All,
 

I bought a Sherlock Smart Lock S3 smart lock, then read about how secure it is. I found a Spanish article describing how to hack it. 
 

Link:

 

I do not understand something in the description. When I use a Bluetooth remote control for my Sherlock lock, the lock is considered as secure as the Nuki? If I understand correctly, the code was decrypted on the client side. The remote cannot be accessed by hackers to decrypt the code. Is the code always decrypted on the client side? Or is it also possible via Bluetooth transmission?

 

My question is: which is the most secure smart lock on the market now? 

Seguridad en cerraduras inteligentes.pdf

[Sauron]

There is no such thing as an "unhackable" smart lock and even if there was there's no guarantee it couldn't be opened more easily through a physical exploit.

 

I don't speak spanish but I speak Italian which is close enough - from what I understand the researchers just intercepted the packets that were sent to and from the lock via bluetooth and repeated them to access it. No decryption is necessary, you just need to know the correct sequence of messages for that lock and send them to it via bluetooth. A less lazy implementation would probably have had the lock send a random number sequence to the phone, then expect the phone to send that sequence back after encrypting it with the secret key; this way simply replicating the same message sequence wouldn't have worked.

[BiotechBen]

Apart from self destructing when tampered with, anything is hackable in theory, it's just a matter of time and resources. Even if you were to have 512-bit encryption, it's "possible" to crack it, it could be that it takes 20 seconds and the sequence is guessed on the 5th try, or 2.9x10^32 years .

[jaslion]

Can you hack it? Totally just give it time or someone motivated enough.

 

But in reality a crowbar is all that is needed and the door will be opened.

[lenovomen]

18 minutes ago, jaslion said:

Can you hack it? Totally just give it time or someone motivated enough.

 

But in reality a crowbar is all that is needed and the door will be opened.

I don't want to physically protect the door. Just to prevent illegal entry into my house without a trace. 

[lenovomen]

25 minutes ago, Sauron said:

There is no such thing as an "unhackable" smart lock and even if there was there's no guarantee it couldn't be opened more easily through a physical exploit.

 

I don't speak spanish but I speak Italian which is close enough - from what I understand the researchers just intercepted the packets that were sent to and from the lock via bluetooth and repeated them to access it. No decryption is necessary, you just need to know the correct sequence of messages for that lock and send them to it via bluetooth. A less lazy implementation would probably have had the lock send a random number sequence to the phone, then expect the phone to send that sequence back after encrypting it with the secret key; this way simply replicating the same message sequence wouldn't have worked.

This does not sound good. So Xiaomi is not safe at all. The nuki seems to be a better choice. Question if I use it only with remote switch the Nuki smart lock. Can they decrypt the code? Or not because they don't know what the client and server are using from the long code?

[jaslion]

3 minutes ago, lenovomen said:

I don't want to physically protect the door. Just to prevent illegal entry into my house without a trace. 

Then a lock with a key is still best. There are security keys that are nearly impossible to recreate so unless a key gets stolen and copied somehow (at that point theyll just use the stolen key) there isn't a real sneaky way to get in through the door that doesn't involve more forcefull measures.

 

As is key here. These smart devices WILL get broken in to as they WILL STOP BEING UPDATED and thats a problem that has been around since the beginning.

[Sauron]

8 minutes ago, lenovomen said:

Just to prevent illegal entry into my house without a trace. 

just install a security camera and point it to your door.

[lenovomen]

7 minutes ago, Sauron said:

just install a security camera and point it to your door.

Yes. This is also a good solution. The question is what brand should I choose that is not accessible to the government or police etc? 

[lenovomen]

Question: is the Nuki a good choice for remote control only? Or after a while, would it still be unsafe due to lack of updating?

[mariushm]

It's enough to look at the latest LockpickingLawyer videos on Youtube to figure out that smart locks are a joke when it comes to security

Here's his channel : https://www.youtube.com/c/lockpickinglawyer/videos

 

Some random smart locks