• borari@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    12
    ·
    3 months ago

    That’s fair. I can store like 20 codes or something, so I just keep one extra in there then rotate it after whoever I had to give it to is done with needing it.

    I live on a really busy street in a city, so I’m really not worried about someone breaking a window to get inside. Sure there’s a nonzero chance a methie might smash a window, but around here it’s mostly just testing car door handles and maybe smashing the car window if there’s a visible wallet or pill bottle or something.

    Walking up to my door and doing a replay attack, or sending a master password to the lock takes seconds and doesn’t look any more suspicious than a resident entering the house. This talk is from 2016, but I doubt things have gotten significantly better, and I don’t want to be replacing my door lock, or even worrying about updating firmware, whenever something like this is found (Picking BLE Locks - Anthony Rose & Ben Ramsey).

    But yeah, I’m not saying anyone’s an idiot for using a smart lock or anything, odds are it will never matter either way.

    • mosiacmango@lemm.ee
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      3 months ago

      There are a lot of zwave s2 locks out there. No Bluetooth at all.

      128-bit AES isn’t amazing, but it’s more solid than bluetooth and most hardware locks.

      Most locks, including deadbolts, can be picked or bumped in seconds. The physical lock is the weakest point. You can get zwave s2 smart locks with just pin pads, no physical key. That’s probably the most secure option.

      • borari@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        4
        ·
        3 months ago

        Silicon Labs Z-Wave chipsets contain multiple vulnerabilities

        CVE-2020-9060 Z-Wave devices based on Silicon Labs 500 series chipsets using S2 are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.

        Oof. Could you imagine having a vindictive neighbor who is mad at you over some dumb shit you have no idea about, then then DoS’ing your lock that has no physical key?

        Again probably as close to zero as a non zero chance can be of actually happening, but idk just give me a key and some buttons for when I have bags and shit.

        Also, if i decided to go in to home invasions I’d rather just carry around a phone or a raspberry pi or something and pop smart locks than carry around a snap gun.

        Everything you’re saying is right though, there’s always a trade off when it comes to security.

      • Malfeasant@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        3 months ago

        Lock picking takes skill. I’ve defeated a deadbolt and doorknob with a cordless drill in ~15 seconds. And it’s not even all that loud.

    • The Pantser@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      3 months ago

      Always have a backup trigger. A open/close sensor is hard to beat. They would have to know where it is and have access to it to bypass it. And for good measure a shock sensor to know if someone is trying to break it down.