
Drilling open a smart door lock in 4 seconds - RicCo386
https://www.pentestpartners.com/security-blog/drilling-open-a-smart-door-lock-in-4-seconds/
======
jpalomaki
Slightly related to this, the Lock Picking Lawyer on YouTube has a number of
videos where he tries a Ramset gun [1] against different padlocks. For
example:

[https://youtu.be/Wimo09WV-rY](https://youtu.be/Wimo09WV-rY)

This was interesting as it was an attack that certainly would not have crossed
my mind. Would be interesting to see how other types of locks would do against
this kind of tool.

[1] [https://www.homedepot.com/p/Ramset-MasterShot-0-22-Caliber-Powder-Actuated-Tool-40088/202046595](https://www.homedepot.com/p/Ramset-MasterShot-0-22-Caliber-Powder-Actuated-Tool-40088/202046595)

~~~
Zancarius
His magnetic attack[1] on a common commercial lock that's no longer in use was
entertaining too.

[1] [https://www.youtube.com/watch?v=cCay5ek_cW0](https://www.youtube.com/watch?v=cCay5ek_cW0)

~~~
tanr54ok
What? No longer in use? Those things are still widely in use in many mid
century and older education and healthcare buildings around NYC.

~~~
Zancarius
I assume this specific model is no longer in use. Sorry, I should've been more
clear.

From his comments, I don't believe the vulnerable ones are still out there.
But, maybe they are.

~~~
tanr54ok
He mentions the mech was changed in 2011, mentions there’s a probably little
used retrofit and at the end of the video he comments that there are likely
many compromised ones still out there.

Which is pretty expected if you've seen how buildings are maintained in
general. I haven’t encountered a lock that doesn’t have this vulnerability in
any 20th century post-war NYC building.

------
kilo_bravo_3
The video is a compelling demonstration of a design flaw, but I am always
skeptical of lock opening displays that do not occur in a real-world
application of the lock.

Yeah, you ramsetted a lock. In a vise. Can you do that if it is dangling from
a chain between two gate halves? Or would you bring out a bench and vise to
your target?

Ok, you picked a lock. In a vise. Is it easily pickable while hanging from a
hasp, with a door behind it?

Ok, you drilled open a smart lock. Is the drill able to be positioned in such
a manner when the lock is installed on a door?

It doesn't look like it.

After drilling, you need to insert a screwdriver and manipulate a latch.

Is drilling/manipulating faster/slower/easier/more difficult than picking,
raking, ramsetting, grinding, kicking, or prying?

I like clever, but clever isn't always practical.

~~~
orpheline
> Ok, you drilled open a smart lock. Is the drill able to be positioned in
> such a manner when the lock is installed on a door?

He drilled it from the front; the face is off in the picture where he's
opening the latch with the screwdriver to better show where the mechanism is.

~~~
cheschire
He drilled it from the side. The preview picture from the video clearly shows
the entire mechanism sideways on the table.

~~~
rasz
Exactly. This has an added bonus of making it a permanent backdoor. You drill
once and put black sticker on it, nobody will notice. Is there even a sensor
in the lock to log being manually opened?

------
shartshooter
Easier way to open a smart door lock in 3 seconds...use a hooligan tool[1].
For $150 USD a SWAT team (or someone who practices for a few hours) can be in
your room in no time.

[1][https://en.wikipedia.org/wiki/Halligan_bar](https://en.wikipedia.org/wiki/Halligan_bar)

~~~
ryanmarsh
Yes. The truth is most (and I mean nearly all) residential door frames snap
like a match stick with a hooligan tool.

In a previous life I kicked in doors for a living. I don’t give a fuck how
cool your dead bolt is. I could be in your face before you were out of bed.

If you want to keep out lazy thieves any lock will do. If you’re preventing
against a dynamic entry you need trip wires, man traps, metal door frames, and
a 12ga shotgun.

~~~
chrisseaton
This isn't true - modern standard domestic polycarbonate and metal composite
doors and frames with locks that engage all the way up are a real problem for
the police as they're extremely hard to get through even with repeated blows
from a battering ram. There is absolutely no chance whatsoever that you can
kick in a modern door. You will break your leg first.

~~~
scarejunba
Do people have doors like that? Mine looks like a bog standard wooden door.
Even the fanciest condo I lived in had a massive heavy fire door with hella
heft but it didn't look metal.

~~~
yummypaint
You have to explicitly want to spend money on that type of door. Looking at
random model houses in the US, I have yet to see anything that comes with that
type of door. Most apartments don't generally have high security doors either
(landlords don't care, it's not their stuff that gets stolen). Most front doors
where I live can be punctured by leaning on them in the wrong way, and may as
well be cardboard.

------
mikestew
This is probably the sole reason I went with an August (don't buy their
doorbell, BTW), which effectively slips over the existing deadbolt knob. Now I
just have to worry about August's BT/software/network stacks, but I don't have
to wonder about how good the lock is. With something like the lock in the
article, I have to worry about the tech side _and_ how much effort they put
into the lock. I almost wonder if, like so many tech "innovations" today,
they didn't just wrap some tech around an unvetted lock mechanism they found
on Alibaba and called it a day when the software worked.

------
GreenJelloShot
Isn't the point of a lock just to keep honest people honest? I mean you can
buy the world's sturdiest, most secure lock and attach it to the world's
strongest door, someone with a hammer can easily break a window.

If someone is determined and willing, there really is nothing you can do to
stop them from breaking into your house.

~~~
JohnFen
> Isn't the point of a lock just to keep honest people honest?

No. Honest people don't need to be "kept honest".

Locks have the same purpose as other security systems (including electronic
ones like crypto, etc.).

They aren't intended to (and can't) keep a determined attacker out. What they
do is increase the cost (in terms of time, effort, risk, etc.) of gaining
access. The point is -- as far as possible -- to make the cost of gaining
access exceed the benefit that would be gained by that access.

~~~
nitwit005
Essentially everyone has stolen at some point in their lives, and almost
everyone has gone into private property they theoretically shouldn't have gone
into.

My door has a lock, but most adults could get in by kicking it a few times
with determination. That's true of most locks in existence. They're there to
stop people who don't actually want to cause any real damage.

~~~
spinach
> Essentially everyone has stolen at some point in their lives

Isn't this a fairly wild claim? I've never stolen anything and can't imagine
doing so. That's a pretty dismal view of the human race isn't it.

~~~
culturestate
I don’t think they’re suggesting that everyone on earth has purposefully
become a thief at one point, but that sometimes it just happens.

I’ve definitely walked out of a supermarket with a bottle of water that I
picked up while shopping and forgot to pay for - I still stole it, even if
unintentionally.

~~~
journalctl
How often do you unintentionally walk into someone’s unlocked house and steal
something, though?

~~~
tlb
In the Canadian North, it's traditional to leave your summer cabin unlocked
over the winter so that if someone is lost in the woods they can come in and
warm up. It wasn't unusual to come back to find that someone had used it over the
winter.

------
nullc
Security is usually a lemon market. The buyer can't really tell if it's secure
or not, depressing what people are willing to pay, which makes it bad business
to invest in making a secure product.

It's rather difficult to find electronic locks, even for safes, that aren't
obviously less secure than traditional options.

Which is pretty sad considering that an electronic lock could be substantially
more secure if it was designed well.

The stuff that is reasonably secure, like kaba-mas products, are quite
expensive because it's catering to a market that simply isn't buying on price.

~~~
Chirael
With the Internet and YouTube I don’t think it’s as much of a lemon market as
it once was. The information is out there, pretty accessible actually. For
example it’s not hard to find that Master and Kwikset might not be the highest
security compared to other options. The problem isn’t that the information is
hard to find, it’s just that most people aren’t willing to spend more for
higher security (could be a few hundred dollars more once you multiply it by a
few doors) and it’s easy to convince yourself cheap locks are “good enough” -
after all, someone could break a window, kick in the door, etc.

~~~
tanr54ok
Just because information is out there and accessible doesn’t mean it has much
mainstream penetration. Locks are a very niche hobby. Most of my friends and
family don’t know shit about locks any more than 30 years ago even though the
technology is clearly documented and explained on YouTube.

YouTube has made pretty much everything widely accessible. Doesn’t necessarily
change the market.

------
ktpsns
This is so terrible. There is an enterprise market for mature electronic
locking systems, as they are used in virtually any modern office building. And
then there is the (affordable) consumer market, and most stuff even looks
crappy.

I really would invest 500€ for a small (3 outdoor locks) system, but there is
virtually no product which I can trust in.

------
StreamBright
I avoid everything branded as smart: locks, TV, watch, etc. I am not sure
why people think it is a viable way forward with the technologies we currently
use.

------
phs
Turns out power tools work well on non-Turing complete locks too.

The interesting part of the threat model for smart locks are cases where a
physical attacker is _not_ present.

~~~
kelnos
The article points out that the lock casing is made of aluminum rather than
steel (presumably for aesthetic reasons), which is trivially easy to drill
through. A steel casing would take a lot longer and make a lot more noise.

The point is that people in the market for smart locks need to additionally
vet the company that makes them for their proficiency in _physical_ security,
not just in software security. A competent company that has made non-smart
locks for a while would not make this same mistake.

------
WalterBright
Eh, I'd design an electronic lock that is operated with a phone app. There'd
be nothing visible of it on the surface of the door. There'd be no way to tell
what the make/model of the lock was. There'd be a flange the full length of the
door so you couldn't even tell where the bolt was.

~~~
ineedasername
What if your phone ran out of power though?

~~~
WalterBright
You could have a magnetic switch somewhere that you could tap SOS on with a
magnet or something. Or just knock on the door with a certain pattern. Or
speak "Open the pod bay doors, Hal" into a pinhole mike. I'm sure you could
think of many methods.

~~~
isostatic
And when your house has no power?

~~~
kelnos
Battery backups, of course.

There will always be failure modes. I mean, the failure mode for a traditional
lock is "I lost my keys". Unless you have someone else with a spare set who
can get to your location in a time you deem reasonable, you're going to have
to have the door forced.

~~~
WalterBright
I once had a storage unit, and lost the key to the padlock. The manager said
"no problem", and we went out to the unit. The manager pulled out a battery
operated angle grinder, and cut the lock off in about 5 seconds.

You're going to need a bank vault to beat an angle grinder. Those tools are
the shiznit.

~~~
acuozzo
> You're going to need a bank vault to beat an angle grinder.

To beat? Agreed.

With that being said, grinding through a circular padlock takes much, much
longer. I'd suggest using one of those for a storage unit.

------
alexvoda
"How do you know where to drill it? The lock has the manufacturers logo on the
front face – drill the side of the lock in line with the top of the logo. How
helpful!"

In that case easy, move the logo elsewhere.

~~~
freeflight
If you look at the internals of the lock then the tolerance where to drill,
and still be able to leverage it open, seems to be pretty big.

As such, they could remove the whole logo and it would still be rather easy to
approximate where to drill, it's not like measuring dimensions is impossible
without a manufacturer logo.

~~~
alexvoda
As pointed above, it was a joke about security through obscurity and a worried
thought that some manager might actually think of that as a solution. I was
hoping that was obvious enough to not require a "/s" at the end.

------
calculuscrayon
Why even put the lock on the outside? All smart locks I've encountered just
communicate wirelessly with a smart lock inside. Physical keys are used as a
backup.

~~~
neogodless
I like keypads. On a rental you can change them when tenants change. At home
you can go out with keys or phone. Though it stands to reason you could put a
keypad outside and run a wire inside, or use wireless though personally I'm
glad my keypad lock isn't smart or wireless.

~~~
Chirael
Keypads are good, especially for higher end rentals. Another lower tech (and
probably more secure TBH) option is small format interchangeable core (SFIC)
locks where the core can easily and cheaply be swapped out between tenants.
Landlordlocks.com built a business selling this concept to landlords. I’m only
jealous I didn’t think of it first :)

~~~
namibj
So euro cylinders?

------
djmips
The 'better' lock that has rollers in the bolt to make it harder to cut off is
pretty cool. But I found out there is a reciprocating saw with counter action
available! Seems perfect to cut rollers.
[https://toolguyd.com/dualsaw-reciprocating-saw/](https://toolguyd.com/dualsaw-reciprocating-saw/)

------
swiley
The only way I've seen these used IRL is to replace hiding the keys under the
mat. So IMO this is still an improvement.

------
dvcrn
Where I live, the smart locks I saw are mounted in from the inside and go over
the existing screw bolt thing that unlocks the door. From outside you would
have no idea that it's a smart lock. But yeah, they don't have something
outside you could touch an NFC tag on to unlock

------
zelon88
Security isn't about preventing someone from breaching the "lock".

It's the level of difficulty (measured in time) that it takes to breach the
"lock".

That being said, given unlimited resources; no lock is unbreachable.

~~~
segfaultbuserr
Yes. But a difficulty of 4 seconds is a bit too low. I expect 30-60 seconds
for a door with moderate security.

------
zaarn
Tbh with smart locks I'd be more interested in the lock detecting a break-in
or destruction of the door mechanism, so it could for example call the police
if someone smashes in the door.

~~~
aivisol
You don't need a smart lock for that IMHO. Any house alarm usually can detect
intrusion.

