English

Focus On Design, Production And Sales As One Quality Assurance

View All Products

Wholeheartedly For The New And Old Customers

View All Products

Superior Quality, Competitive Price And Timely Service

View All Products

Failure of the week: Padlocks claim to provide protection, proves pathetic | Hacker Day

2021-12-14 11:05:22 By : Ms. Caroline Chen

Anyone who understands the security of the Internet of Things may avoid physical security products that have some kind of wireless control function. The list of exploits for such devices is a long, regrettable statement about security, if any. Therefore, if you think that a Bluetooth-enabled lock is best to attack through its wireless stack, this is understandable.

Facts have proved that the Master 5440D Bluetooth key safe can be solved with a screwdriver in a few minutes. The key safe is the type used by real estate agents or AirBnB hosts to allow access to the property keys. [Bosnianbill] Started checking the $120 unit, looking for weaknesses. When physical attacks with a hammer and magnets to deceive the solenoid were ineffective, he decided to strip off the elastic skin carefully provided by the master to prevent the box from damaging the door or the finish of the gate. The exposed device thus reveals its terrible secret: two Phillips screws, each of which secures the lock to the lid. Once these are loose, you only need to pry a little with a screwdriver to get the key of the kingdom.

In a follow-up video released later, [Bill] took a closer look at another key safe and found that the Master sprayed epoxy in each screw head to fix this vulnerability, but the effect was not good. At best, it's weak, because hitting with a hammer compresses the sticky material enough to grab the screw.

We really think [Bosnianbill]’s attack was electronic, just like [Dave Jones] hacked the safe with an oscilloscope at that time. Who would have thought that a screwdriver would be the best way to pass a wireless stack?

Thanks [Jay] for the hint.

Not as pathetic as forced alliteration in other articles

Cheesy, absolutely...but relax and let the authors have fun

Alliteration is always fun and amiable. The ant changed the ingenious way of visiting afterwards. Aqueous

Actually alliteration is not always funny, and it's actually terrible... Damn it!

The robotic reporter relentlessly copied the register.

Although just reminding themselves of El Reg, after avoiding it because of how frustrating it is, looking at the front page, it seems that they are no longer obsessed with it.

This is a master lock. Their padlocks have been broken by zippers and chicken bones. I guess the screwdriver is an improvement.

I'm sure that some master locks have been defeated by the harsh eyes of a passing nun.

I remember that when I was in high school, the baseball team dared to put their things in the area designated by the football team! ! ! ! So they had to go...

It's almost like wishing us to protect our "block". I mean, otherwise why would they store the dumbbells in the locker room instead of the weight room? With one click, your locker has been moved to the proper location.

Guess which team I am in...

Find TheLockPickingLawyer on YouTube. Seeing how fast he opens most locks, you may never sleep anymore. "Unopenable" locks take longer to open...in most cases it may take a full minute!

One of my favorite YouTube channels. It is surprising how easily most locks can be broken. Of course, his voice also meets ASMR standards.

"Use this custom tool made by me and my friend to pick in 20 seconds" channel

This is actually very realistic. Some thieves will protect the target and find out what protects it, and then try to bypass the equipment on the bench in real life. There are many things that are not adequately protected.

I have seen a warehouse full of high-end sports cars with only padlocks. The electronic warehouse is fixed with easy-to-bypass thumb scanning. There is also a chemical processing plant with only a dead bolt fixed. I hope no one knows what chemicals are being used there.

That being said, custom tools are nothing compared to the fact that much physical security relies on the public's belief that lock manufacturers do not reuse key combinations.

I agree with you 3/4. I do have reservations, that is, before recording the video, the very fast youtube lock selector has been practiced under exactly the same conditions, lubricated and relaxed, and locked many times. Now, although the technology between the different keying versions will be similar, I doubt whether the flip-twitch and flat-rotation sequences of muscle memory are the same, and it will take them longer to feel it in the new example.

Someone told me many years ago, "You only need six GM keys of all kinds, and you will never be short of a way home." This has remained the same for a long time, and may still be suitable for retrofitting remote-started vehicles. The remote start requires the chip key to be hidden somewhere in the car to work. This is really a bit like https://en.wikipedia.org/wiki/Birthday_problem, because you don't need a lot of keys to enter one or more cars when the parking lot is full.

It's too difficult to use weird screws. Use these on Lidl plug strips.

On the other hand, hardware stores sell screwdriver bits with safety screws.

Rivets or popular rivets are too hard? They can have an ordinary screw, which can be milled after tightening.

Cordless drills can also solve this problem. Connecting pins with screws or rivets is just a simple design flaw, because it basically just says "drill holes here to open."

Those hardened machine screws are available, then at least they must use titanium drill bits or be there all day.

I think a proper shackle is always better to replace those two pins with screws with the correct bends, regardless of the type of screw.

It should be noted that the drill bit itself is not titanium, but a titanium nitride coating.

This only helps with long-term wear, they will not drill hard materials better. If you want to do this, you need cobalt high speed steel or carbide drill bits.

Or a can of freezing spray, a center punch and a hammer.

The usual best practice is to use screws that can only be accessed when the lock is open. It reduces the possible ways to construct a lock, but it is better this way.

Yes, this is a bit like lock 101. I know that when I saw the locked outer door, it was obvious that you didn't put the hinge pin outside. :-) But it seems that my 3# hammer can also quickly open this lock. But the pictures can be deceptive. Of course it looks overpriced.

I think, for me, the moral of this story is: don't forget "low technology" when defeating "high technology". :-D The same goes for designers.

Yes-lock design is a security field. In addition to metaphors, "resistance to brute force attacks" need to be considered literally. To make a lock, you can easily enter its intended use with a screwdriver-well, this is a very creative way to make a scary lock.

A three-pound hammer can also defeat some front doors. The standard style of the North American bolt has a weakness. If the lock is displaced a lot from the hole, through brute force or lever, then a thin tool, a hacksaw blade, can be inserted and used. To turn the bolt. Therefore, it is wise to install an internally shielded version to prevent this from happening. There are more than a dozen other methods, but at least the 10 second method will not work. Sometimes, the method is to drill a hole above or below the lock and then use the hole to machine the bolt. Less clumsy, but more buzzing, although the drill bit can be wrapped in a jacket, pillow or other things without overheating in the few seconds it takes to pass through the thin mild steel sheet skin of the door.

We should probably worry about how cheap and usable these "earwax" camera and borescope types are. They allow more precision in the "look for latch" type methods, and may be forcibly bypassed or under many door seals. , Or the door can be wedged at the top or bottom to allow them to enter.

Are most of the houses in the American suburbs not made of wood? So you only need a simple chainsaw to make a new front door...

When I was a kid, my brother had a lock on his "Crazy" magazine cabinet. When he found out that I was reading a book, he was very angry (not a pun), but he was also curious about how I got them. (There are exposed screws on the hinges of the cabinet doors.)

The screws are good, but they are internal and can only be used when unlocked.

The problem is that if you don't have to unlock it first, it's much cheaper to assemble. Strangely, Master spends more on marketing than they spend on manufacturing. Therefore, we mainly only see their substandard locks. They have access to the supply chain and retail channels, so they can build a very good lock with a high-quality high-end lock that significantly reduces costs (75%? 50%?). There is really no place for a $5 padlock on the market. (I just looked at the 2 locks for $8 on Amazon).

If your thing is only worth 5 dollars, then I want to tie a shoelace on the buckle. No one will mess with it honestly.

In any case, a cordless drill can beat the screws, even if you strip off the head and stuff them with trash.

Good quality screws can be rolled and hardened. I threw away more than one drill bit while trying to remove the damaged bolt.

These are not good quality screws, I have not tried it, but I suspect that even a hardened steel drill bit will cut through it like butter.

Finally, I removed the screws that were not used to use the left-hand drill bit. They bit into the head and screw it out. Unfortunately, a good set of extraction bits are expensive, and I hate to break them. Of course, if you have to throw it away anyway, it is cheaper to drill forward with a cheap drill.

"Sadly, a good set of extraction drill bits are expensive, and I don't want to break them."

This happens every time (IIRC) when I try to use one. (sigh!)

Same as above, the conclusion is that if it is loose enough to allow an extractor bit to be taken out without breaking, I will take it out using my other methods first.

This really proves it: the manufacturer is selling something is an illusion of security, not security itself. It says Master Lock, $120, and it looks difficult to open unless you know the code. Most AirBNB owners will not destructively disassemble the lockbox before installing it in place. They *feel* safe, which is important to them. It's a pity that all this is just an illusion.

Sadly, "Safe Theater" is an appropriate description of *many* things in the world today.

I subscribed to "locks only keep honest people honest" a long time ago. School of thought, in my padlock needs, I tend to "secure in obscurity". This means I will look for non-branded models that seem to have limited availability, hoping that the thief has never seen it before, and I don’t want to risk 5 or 10 minutes to figure it out for the first time. It's like bear coolers, they are not, you just want the bear to take up 25 minutes before it looks for something easier to pick.

"...It [app] will tell you where your lock is..." Damn, I must clean my keyboard now XD

I think the average friendly neighborhood burglar will only break windows or kick doors, and won't bother to pick the locks. More aspiring people may try to pry open the window or bring some kind of cutting tool.

Unfortunately, I started from personal experience.

Indeed, they also tend not to perform a cost-benefit analysis to determine whether it is worth breaking the $500 window to get a TV worth $50 (at a pawn shop) that can be seen through.

They will definitely do this, because they are not the ones who pay for the windows! The best home security you can have is a big four-legged furry friend, and neighbourhood thieves will definitely choose a house without a dog instead of a house with a dog.

For a thief, it is worth breaking the $500 window to steal $50. The thief does not need to pay for the replacement of the windows.

That’s what I mean, guys, they don’t analyze, they just break the window

(In the video)> The lock pin is still in place, so the lock does not know it is open...

Where is the micro switch at the bottom of the door? This should tell the electronic device something...but I still wouldn't buy a "smart" lock.

Usually, when traditional lock manufacturers make "smart" locks, they get the correct physical security, but they mess up the wireless protocol. (For example, use the Bluetooth MAC address of the lock to export the AES key.)

Generally, when IoT companies make "smart" locks, they sometimes use wireless communication correctly (good and safe), but since they have no lock unlocking experience, physical security is rubbish.

Bosnianbill did not evaluate Bluetooth communication, so we don't know what terror lurks there. However, Master has considerable experience in making physical locks. They should be clearer!

You can also wait for Sharper Image or other similar questions to make one and get the best of both worlds!

How about a button code lock that can be opened with a powerful magnet? https://www.youtube.com/watch?v=2KSoPIeN9wY

I have not seen an example of this lock box that is not a pile of garbage. Is there a truly secure lockbox market?

Please be kind and respectful to help make the comment section great. (Comment Policy)

This website uses Akismet to reduce spam. Learn how to handle your comment data.

By using our website and services, you explicitly agree to the placement of our performance, functionality and advertising cookies. Learn more

Featured Products

News & Blog