94
cleus
74d

True 🔒

Comments
  • 6
    I’m still not entirely convinced that certain IoT devices are better than the mechanical alternatives (and things like security cameras don’t even have mechanical alternatives). Is there any research to suggest that houses with IoT locks, or IoT anything, have a higher break-in rate? If someone really wants into your house, they will break in regardless.

    With things like a thermostat I’d agree, things like that don’t need an internet connection, but in the future even your toaster will have an internet connection!
  • 5
    @52cal are you going to be entirely convinced after your IoT ISP "accidentally" leaks your data to a third party? :D
  • 9
    Nah I'm not a paranoid tin foil hat wearing "muh dataa reeeee" screaming person.

    However, it's partially correct: A smart toaster is fucking stupid. Smart thermostats are 50/50. Smart fridges are 100% stupid. Smart locks are a no go.

    Smart lights, plugs, speakers, etc are all ok bc they genuinely do make life more convenient.
  • 0
    Real security !
  • 2
    @52cal future? Yesterday a salesman wanted to talk me into buying a laundry machine that could display its status on a dishwasher, fridge and thermostat.

    It's all fine. A good laundry machine should last between 10-15 years. The average Linux kernel/distro is supported for three. It's all fine.

    Seriously, if you buy IoT fridges, ovens, toasters, what not: you deserve the shit that you're getting from it 5 years from now.
  • 2
    @52cal they aren’t. All of that shit is either designed to spy on you in the first place or is riddled with security bugs, some of which you barely even need to know how to use a computer to exploit (because they are issues with the design itself)
  • 2
    @Stuxnet I’m kind of on the same page with you there. Smart security cameras and door locks are just such an obvious no go it’s not even funny. Other stuff I could potentially see. Even then they have the potential to sniff network traffic and serve it up over NFC to somebody with the magic word, so I still worry about it.
  • 0
    We haven't even got a thermostat yet !
  • 1
    There was also a third category: Security Technicians: *takes a deep swig of whiskey* I wish I had been born in the neolithic. https://twitter.com/juliagalef/...

    @Stuxnet It's not necessarily about 'muh data'.

    Mirai botnet and stuff like this looks like a future problem for me https://bbc.com/news/...
  • 1
    also "IoT is when your toaster mines bitcoins to pay off its gambling debts to the fridge" https://twitter.com/socrates1024/...
  • 1
    @qwwerty Did you miss the part where I said most of the devices were stupid? It's in there somewhere.
  • 6
    As someone who works security and specifically pentesting, mechanical locks are the worst thing to still be used. It's baffling how easy they are to pick, bump or shim.

    Unfortunately I rent, so no matter how advanced I try to make it, my front door still has to have a physical key. So I'm not gonna increase my attack surface more! But if I could REPLACE keys with digital locks? Yup.

    "But IoT devices are the end of the world!" Yup. I said digital. Internet connected front door deadbolt? Fuck no! NFC/Bluetooth? Hell yeah. At that point you still need to be within Bluetooth range of my house (usually 30-90 ft.) There are still vulnerabilities of course. But the barrier for entry into unlocking a Bluetooth lock is a lot higher than a 10$ pick set. At that point the wooden door is the issue.

    Software has problems. Zero days happen. And we're all doomed. But let's not pretend that mechanical is better.
  • 0
    @deadPix3l

    > It's baffling how easy they are to pick, bump or shim.

    FX [ Nods in general agreement. ]

    Have you tried / thought of mechanical combination locks ?

    I put those on my doors as I couldn't figure out how to hack them. :-)

    Yes I know they wear out..

    And a bit of a pain to make replacement parts for. ;-)
  • 0
    You can also get magnetic key locks, though one might imagine those are easy to hack..

    https://en.wikipedia.org/wiki/...
  • 0
    @Nanos depends what you mean by combination locks? Like master lock dials? Again back to easy to shim. Or most of them have a keyhole on the back, which comes back around to picking. (Although I've never actually tried that come to think of it)
  • 2
    Personally, there are instances where it is worth it to have the Internet connected device, and there are times where it is more likely to be a detractor.

    Internet enabled thermostat saves me money, doesn’t really cost any more money (bought mine for $75 and it’s great), and is super convenient.

    Do I want my refrigerator connected to the Internet though? Not really, because if it breaks I will be staring at some broken screen or feature on a fridge that could last 20 years. There are some interesting applications, but just not worth it to me.

    I am both a tech enthusiast and work in IT. I’m not overly optimistic or pessimistic about my IoT choices, I am pragmatic. There is no reason it has to be a black-and-white thing.
  • 1
    @feature I can kind of see that? I can imagine how convenient having a thermostat on my lan would be. I've even thought about getting one.... But what does internet connected really add? On the lan I could control it from upstairs or in bed or anywhere within WiFi range. What more could you want?
  • 0
    Reposted so many times I can’t count.
  • 1
    @deadPix3l

    > What more could you want?

    Security so no one can easily hack it and whack it up to max, or freeze you out..
  • 1
    @deadPix3l

    > what you mean by combination locks?

    This kind of thing:

    Unless anyone can point me to resources on how to pick them, then I'll know not to get them again !
  • 1
    @Nanos so the important things to note there: look at the sides of the keys? Those black marks? It's the paint coming off. Unless it's really high end, those style of locks usually have issues where the button paint wears down over time. Notably more so on the buttons in the combo, reducing the keyspace.

    Other issues present in those styles but not all of them:

    Cheaper ones don't discern order. 3781 and 1783 are the same combo. What's important is that all the correct ones are pushed, and all the wrong ones aren't. This is not super common anymore with that style, mostly because with the previous issue, you might as well not even lock it.

    Some cheap ones also may give away which ones are right based on click feel if you can't tell by paint.

    In all my experience with that style, you can't push the same key twice, so a 4 digit PIN is not 10**4, it's 10*9*8*7 which is definitely smaller. Almost half.
  • 0
    @Nanos

    I'm by no means an expert. And I've never personally opened one of those types, but I've heard enough stories and seen enough talks and whitepapers to know that style is bad news.

    Maybe something like this is a more secure example?
  • 0
    @deadPix3l

    Isn't something like that going to be electronic ?
  • 0
    @deadPix3l

    > I've heard enough stories and seen enough talks and whitepapers to know that style is bad news.

    See I've missed those !

    But you make perfectly valid points about the paint wearing out issue on some of them.

    I could well imagine some models you could feel if you were pressing the right keys or not, as that is usually how you open combo locks.

    The ones I tried, I couldn't tell.

    Generally if I can't open it, I buy one. :-)

    As such I'm always trying to find out how to open things I might buy, so I can not buy them !

    If I move, I'm keen on ramparts for home protection..
  • 0
    @Nanos yes. And I believe this specific one is NFC and BLE enabled which kind of defeats my point.

    But some of the "less advanced" electronic ones are based on something like an atmega. No wireless connections, no smart features. Just a conductive keypad. But it's still better than mechanical because it allows for repeat numbers (fun fact: repeat numbers make PINs more secure within reason), ensures order matters, avoids wear marks (material depending. Also fingerprints may give it away), and a lower amount of moving parts prevents shims and bypass tools.
  • 1
    @Nanos if you're looking for good information on locks, and in depth security issues that most people don't touch, watch talks by Deviant Ollam. He does a lot about physical security.
  • 0
    I'm less keen on electronic for a few reasons:

    Usually not very robust exterior, eg. easily vandalised.

    Tend not to be very reliable, seems everyone I've ever known with electric ones has talked about when they stopped working !

    Mechanical ones, only when they wear out.. (Trick there, replace parts before they wear out after X hours of use, don't wait until you can't unlock it!)

    Often electric ones have solenoid latches which can be easily opened by a sharp knock to jolt them. (I know that is separate from the lock, but it can be quite time consuming to buy and test ones to find one that doesn't just open like that!)

    Flat batteries are an issue..

    (I had that recently, after installing what I thought was genuine 10 year life batteries.. ended up having to cut a hand sized hole in half inch thick steel to reach in and unlock it from the inside..)
  • 0
    We talk so much about how good open source is. Why can't a life be it? I mean, why do we have to keep secrets?

    For online shopping I use temporary cards; I don't do anything that I think is wrong and, if in the future I regret it, I just know that it is normal to make mistakes.

    I suppose you just fear these types of things if you don't behave correctly, but if someone thinks differently, just say it.
  • 0
    If only mechanical locks were secure. :/
  • 0
    @PrivateGER

    When I can't pick it, it's secure enough for me. :-)

    One of my favourite kind of locks, is one you can't see !

    Also hide the hinges too..

    I'm reminded of a company that had trouble with break-ins, so they built a new doorway, behind a vending machine.

    The old doorway, they had concreted up on the inside, but kept the steel door on the outside.

    After a weekend, they would discover someone had spent ages bashing away trying to get in through the now concrete wall with barely a scratch on it, and left the vending machine door alone.

    Another business, had a fake doorway and room full of old broken equipment for folk to steal instead.