Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Please Use CODE Tags

Best unhackabele smart lock

lenovomen
By lenovomen
in Programming
 Share
Posted

Hello All,
 

I bought a Sherlock Smart Lock S3 smart lock, then read about how secure it is. I found a Spanish article describing how to hack it. 
 

Link: Seguridad%20en%20cerraduras%20inteligent

 

I do not understand something in the description. When I use a Bluetooth remote control for my Sherlock lock, the lock is considered as secure as the Nuki? If I understand correctly, the code was decrypted on the client side. The remote cannot be accessed by hackers to decrypt the code. Is the code always decrypted on the client side? Or is it also possible via Bluetooth transmission?

 

My question is: which is the most secure smart lock on the market now? 

Seguridad en cerraduras inteligentes.pdf

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

There is no such thing as an "unhackable" smart lock and even if there was there's no guarantee it couldn't be opened more easily through a physical exploit.

 

I don't speak spanish but I speak Italian which is close enough - from what I understand the researchers just intercepted the packets that were sent to and from the lock via bluetooth and repeated them to access it. No decryption is necessary, you just need to know the correct sequence of messages for that lock and send them to it via bluetooth. A less lazy implementation would probably have had the lock send a random number sequence to the phone, then expect the phone to send that sequence back after encrypting it with the secret key; this way simply replicating the same message sequence wouldn't have worked.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*

What is scaling and how does it work? Asus PB287Q unboxing! Console alternatives :D Watch Netflix with Kodi on Arch Linux Sharing folders over the internet using SSH Beginner's Guide To LTT (by iamdarkyoshi)

Sauron'stm Product Scores:

Spoiler

Just a list of my personal scores for some products, in no particular order, with brief comments. I just got the idea to do them so they aren't many for now :)

Don't take these as complete reviews or final truths - they are just my personal impressions on products I may or may not have used, summed up in a couple of sentences and a rough score. All scores take into account the unit's price and time of release, heavily so, therefore don't expect absolute performance to be reflected here.

 

-Lenovo Thinkpad X220 - [8/10]

Spoiler

A durable and reliable machine that is relatively lightweight, has all the hardware it needs to never feel sluggish and has a great IPS matte screen. Downsides are mostly due to its age, most notably the screen resolution of 1366x768 and usb 2.0 ports.

 

-Apple Macbook (2015) - [Garbage -/10]

Spoiler

From my perspective, this product has no redeeming factors given its price and the competition. It is underpowered, overpriced, impractical due to its single port and is made redundant even by Apple's own iPad pro line.

 

-OnePlus X - [7/10]

Spoiler

A good phone for the price. It does everything I (and most people) need without being sluggish and has no particularly bad flaws. The lack of recent software updates and relatively barebones feature kit (most notably the lack of 5GHz wifi, biometric sensors and backlight for the capacitive buttons) prevent it from being exceptional.

 

-Microsoft Surface Book 2 - [Garbage - -/10]

Spoiler

Overpriced and rushed, offers nothing notable compared to the competition, doesn't come with an adequate charger despite the premium price. Worse than the Macbook for not even offering the small plus sides of having macOS. Buy a Razer Blade if you want high performance in a (relatively) light package.

 

-Intel Core i7 2600/k - [9/10]

Spoiler

Quite possibly Intel's best product launch ever. It had all the bleeding edge features of the time, it came with a very significant performance improvement over its predecessor and it had a soldered heatspreader, allowing for efficient cooling and great overclocking. Even the "locked" version could be overclocked through the multiplier within (quite reasonable) limits.

 

-Apple iPad Pro - [5/10]

Spoiler

A pretty good product, sunk by its price (plus the extra cost of the physical keyboard and the pencil). Buy it if you don't mind the Apple tax and are looking for a very light office machine with an excellent digitizer. Particularly good for rich students. Bad for cheap tinkerers like myself.

 

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Apart from self destructing when tampered with, anything is hackable in theory, it's just a matter of time and resources. Even if you were to have 512-bit encryption, it's "possible" to crack it, it could be that it takes 20 seconds and the sequence is guessed on the 5th try, or 2.9x10^32 years .

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Can you hack it? Totally just give it time or someone motivated enough.

 

But in reality a crowbar is all that is needed and the door will be opened.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
18 minutes ago, jaslion said:

Can you hack it? Totally just give it time or someone motivated enough.

 

But in reality a crowbar is all that is needed and the door will be opened.

I don't want to physically protect the door. Just to prevent illegal entry into my house without a trace. 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
25 minutes ago, Sauron said:

There is no such thing as an "unhackable" smart lock and even if there was there's no guarantee it couldn't be opened more easily through a physical exploit.

 

I don't speak spanish but I speak Italian which is close enough - from what I understand the researchers just intercepted the packets that were sent to and from the lock via bluetooth and repeated them to access it. No decryption is necessary, you just need to know the correct sequence of messages for that lock and send them to it via bluetooth. A less lazy implementation would probably have had the lock send a random number sequence to the phone, then expect the phone to send that sequence back after encrypting it with the secret key; this way simply replicating the same message sequence wouldn't have worked.

This does not sound good. So Xiaomi is not safe at all. The nuki seems to be a better choice. Question if I use it only with remote switch the Nuki smart lock. Can they decrypt the code? Or not because they don't know what the client and server are using from the long code?

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
3 minutes ago, lenovomen said:

I don't want to physically protect the door. Just to prevent illegal entry into my house without a trace. 

Then a lock with a key is still best. There are security keys that are nearly impossible to recreate so unless a key gets stolen and copied somehow (at that point theyll just use the stolen key) there isn't a real sneaky way to get in through the door that doesn't involve more forcefull measures.

 

As is key here. These smart devices WILL get broken in to as they WILL STOP BEING UPDATED and thats a problem that has been around since the beginning.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
8 minutes ago, lenovomen said:

Just to prevent illegal entry into my house without a trace. 

just install a security camera and point it to your door.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*

What is scaling and how does it work? Asus PB287Q unboxing! Console alternatives :D Watch Netflix with Kodi on Arch Linux Sharing folders over the internet using SSH Beginner's Guide To LTT (by iamdarkyoshi)

Sauron'stm Product Scores:

Spoiler

Just a list of my personal scores for some products, in no particular order, with brief comments. I just got the idea to do them so they aren't many for now :)

Don't take these as complete reviews or final truths - they are just my personal impressions on products I may or may not have used, summed up in a couple of sentences and a rough score. All scores take into account the unit's price and time of release, heavily so, therefore don't expect absolute performance to be reflected here.

 

-Lenovo Thinkpad X220 - [8/10]

Spoiler

A durable and reliable machine that is relatively lightweight, has all the hardware it needs to never feel sluggish and has a great IPS matte screen. Downsides are mostly due to its age, most notably the screen resolution of 1366x768 and usb 2.0 ports.

 

-Apple Macbook (2015) - [Garbage -/10]

Spoiler

From my perspective, this product has no redeeming factors given its price and the competition. It is underpowered, overpriced, impractical due to its single port and is made redundant even by Apple's own iPad pro line.

 

-OnePlus X - [7/10]

Spoiler

A good phone for the price. It does everything I (and most people) need without being sluggish and has no particularly bad flaws. The lack of recent software updates and relatively barebones feature kit (most notably the lack of 5GHz wifi, biometric sensors and backlight for the capacitive buttons) prevent it from being exceptional.

 

-Microsoft Surface Book 2 - [Garbage - -/10]

Spoiler

Overpriced and rushed, offers nothing notable compared to the competition, doesn't come with an adequate charger despite the premium price. Worse than the Macbook for not even offering the small plus sides of having macOS. Buy a Razer Blade if you want high performance in a (relatively) light package.

 

-Intel Core i7 2600/k - [9/10]

Spoiler

Quite possibly Intel's best product launch ever. It had all the bleeding edge features of the time, it came with a very significant performance improvement over its predecessor and it had a soldered heatspreader, allowing for efficient cooling and great overclocking. Even the "locked" version could be overclocked through the multiplier within (quite reasonable) limits.

 

-Apple iPad Pro - [5/10]

Spoiler

A pretty good product, sunk by its price (plus the extra cost of the physical keyboard and the pencil). Buy it if you don't mind the Apple tax and are looking for a very light office machine with an excellent digitizer. Particularly good for rich students. Bad for cheap tinkerers like myself.

 

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
7 minutes ago, Sauron said:

just install a security camera and point it to your door.

Yes. This is also a good solution. The question is what brand should I choose that is not accessible to the government or police etc? 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author

Question: is the Nuki a good choice for remote control only? Or after a while, would it still be unsafe due to lack of updating?

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Programming

×