Towards Inferring Mechanical Lock Combinations Using Wrist-Wearables (arxiv.org)
36 points by jloughry 8 months ago | 7 comments

Modern high-security combination locks are digital; the rotation for each number is random. http://www.kaba-mas.com/kaba-brand/products/906098/x-10.html

However the S&G electromechanical is direct dial, so would be susceptible. http://www.sargentandgreenleaf.com/products/electronic-locks...

However people usually open locks with their dominant hand, and wear their watch on their non-dominant hand, so it seems to be a small risk overall.

The paper is specifically about mechanical combination locks. Although fascinating in the sense of modern tech defeating old-school security, most people would encounter a combo lock these days only on gym and school lockers.

I'm more concerned about codes on keypads and passwords on keyboards being captured by cameras, either hidden spy cameras (like at ATMs) or ubiquitous security cameras that you don't even notice anymore.

Cameras are a bigger threat and I haven't seen any good novel ways to defend against that. Years ago there was an ATM PIN pad that had changeable digits on each key. It shuffled the digits for each user, and you could read the digits only if you looked head-on. But it didn't catch on.

"Cameras are a bigger threat and I haven't seen any good novel ways to defend against that."

My method is not novel, but to guard against cameras and shoulder surfing when typing in a code on a keypad, I've always just covered my typing hand with my other hand.

At some banks, I've seen keypads retrofitted with raised sides, presumably to make viewing the keys from the side impossible. Your hand is still visible when you type on those, though, and so I would guess the keys that you type could be inferred from your finger motions. Anyway, the top of the keypad is not obstructed (so that the user can see it themselves), so a camera from above or someone from behind might still directly see what keys you type, so I still cover my typing hand with my other hand even when using these types of keypads.

In my country, outdoor combination-lock key boxes like [1] are not unusual. (Admittedly, the article is about single-dial combination locks rather than multi-dial ones.)

These are a cheap retrofit to allow a shifting group of people to access a building. For example holiday rental properties, bedridden people with carers from agencies, outsourced building open-up/lock-up services, and suchlike.

Of course, they're already terribly insecure [2] even without this attack.

[1] https://www.screwfix.com/p/master-lock-5-key-combination-key...
[2] https://www.youtube.com/watch?v=fdeMaWkJF2k

Who wears their watch on their right hand? That's weird.

Cool demo, I guess.

Pretty common to wear a watch on the left hand and a fitness tracker or separate smart device on the right, though.

Left-handed people do... since you tend to wear a watch on your non-dominant hand.
