The argument from them will be that smart locks do not regress security and safety.
Given the widespread and well known security problems with IoT devices across the industry, I think it'd be reasonable to demand assurances on this. For example, an audit trail provided to the resident for every unlock event and who authorised it, an agreement to immediately revert indefinitely to a physical lock at the landlord's expense if a vulnerability is discovered, and daily financial compensation for every day that the landlord fails to act on these mitigations.
Anything less than this I'd argue is a breach of contract, and any requirement that doesn't provide similar assurances would have to be by agreement by the tenant (i.e. a new contract signed).
I always wonder if the folks making legal claims on hn actually practice law - the arguments are often nonsensical. Or maybe this type of logic is why law seems so backwards to folks
No, but the contract was signed at a time when physical locks were the only norm and the security and safety characteristics of a physical lock can be considered to be implied by that contract.
[For example a typical rental contract does not say "the landlord will maintain a working and suitable lock on the front door" but clearly a landlord would nevertheless be in breach of contract if the lock needed replacing due to wear and tear and the landlord refused to fix it]
This wouldn't rule out installing a smart lock in the future, but only if the security and safety characteristics, as implied by the contract, are not regressed by doing so.
A remote unlock facility wasn't agreed by the tenant, so it's reasonable to ask for an audit trail requirement in this case as previously the landlord (or their agent) would have had to be physically present, so their memory would serve as an audit trail.
I think that the perspective that [the addition of] a remote unlock facility without an audit trail compromises the security and safety of a physical lock and thus breaks the implied contract is a perfectly reasonable argument, especially given the prevalence of general industry failure (known vulnerabilities in specific models) in this area.
> I think that the perspective that [the addition of] a remote unlock facility without an audit trail compromises the security and safety of a physical lock and thus breaks the implied contract is a perfectly reasonable argument, especially given the prevalence of general industry failure (known vulnerabilities in specific models) in this area.
While the argument can be entertained, housing statute provides for no such requirements (providing an audit trail of smart lock activity to tenants). I'm happy to run it by my attorney for funsies if you're interested in going down the rabbit hole, but I'm confident the use of smart locks, as well as not providing access control data to tenants, is entirely compliant with housing statute (and I have read all housing statute for the states I operate in).
Ask your lawyer to explain implied terms of a contract, what implied terms might exist in your contract with your tenants with respect to expectations of the provision and maintenance of things such as locks that were present at the start of the tenancy, and what obligations you may have to maintain the same level of security and safety that existed at the time the contract was signed.
Your lawyer will most likely tell you that you can't _reduce_ the security of the locks, with the baseline being something between what you implied that you would provide at the start of a tenancy and what is the norm for tenancies of the same type, and that whether or not the addition of a remote unlock facility does so or not depends on the specific circumstances that only a court can determine.
I can appreciate the concerns, but not to the point where I'm going to waste time litigating it. It's a public policy issue that needs to be addressed.
This would be accurate, but depending on the terms of the contract the tenant may have no obligation to do so, and you would still have an obligation to provide the same quality of lock, secure under the same reasonable threat models, as what was present at the time the contract was signed. In other words, it may be that you would not be entitled to force a smart lock [that adds extra things that compromise the security of the implied threat model such as remote unlock] on the tenant, just as you would not be entitled to remove the lock entirely.
> ...or not renew their lease when it came up for renewal. Being expensive to service is a trait I can legally discriminate against, and is not protected by fair housing laws.
No argument there.
Still leaves concern for DOS and privacy attacks.
No lock is totally secure, but at least a dumb lock requires physical presence to defeat.
The real problem with all this network connected stuff isn't even the new failure modes per se... it's the correlated nature of the new failure modes. (You know you're a Real Systems Engineer if something inside of you just screamed in terror.)
As a less vandalism-like attack, consider when your drunk neighbour attempts to enter your apartment instead of their own. The security "feature" of a lockout is just an easily triggerable denial of service attack.
But wow. I'd be doing the same as her if this were forced on me. I love IoT things. But I draw the line at door locks. Physical security is already difficult enough. I'm not adding more attack vectors to that.
Not to mention the data exfil that will most definitely happen with that system. I'm confident that even if the lock itself ends up being secure that the data that gets given to the landlord won't be protected at all.
I can understand the need for IoT devices in industry, such as remote monitoring of devices in the field. For home use I have yet to see a device that makes any sense. IoT is at this point complete marketing hype, and very little practical application.
The only two exceptions are my phone (hard to avoid) and my radiator thermostats.
For the latter, they are connected to the internet and I can adjust temperature and put them in "holiday mode" from an app or web page. However the control box doesn't require any firewall holes or port openings, as far as I can tell it gets updates by sending an HTTP request to the same online portal where I can control my heating schedules.
It communicates with the thermostats and window sensors on some kind of RF protocol similar to Z-wave, but if someone goes to the effort of hacking that just to mess with my heating, I would actually be a bit flattered.
I probably wouldn't choose the internet-connected version again. Even though it is a lot easier to set up and manage, I think I would prefer the "dumb" standalone units. They're a bit more fiddly to set up initially, and you have to put each of them to holiday mode manually. But I would prefer to not have them connected to any kind of network.
I used to be the type of person who wanted everything 100% connected 100% of the time. Over the last couple of years, I've taken a pretty hard turn in the opposite direction, I prefer to have everything as simple and standalone as possible.
Slightly off-topic but I have a thermostat that only turns on when my phone (or me) is on the way home and it automatically turns it off when I leave my home.
It saves me a _considerable_ amount on my heating bill, especially since I'm not home on a regular schedule and often don't know until hours in advance.
Smart devices are fine for me. Using them as an excuse to turn a product into a service isn't.
How is that arranged in the US?
In the US, it's standard for a rental agreement and/or state law to specify that the landlord can enter your property with 24 hours notice even if you're not there, or to enter immediately in case of an emergency.
As a European, I find the idea extremely shocking.
Here entering the residence of someone without their explicit consent is considered home invasion and can net you a year in jail and a fine of up to 15000 euros. It doesn't matter if you own the property as long as someone else lives there. It remains true if they are not paying. You will need the police and a court order if you want to enter.
All clauses in contracts that require you to give a key to the landlord are automatically void.
From a privacy standpoint there are many concerns but when renting or leasing you are already bound by laws requiring you to admit maintenance and even owners with sufficient notice. Notice timeliness is all based around the nature of the call.
Plus on a safety side, elderly people could have locks opened for emergency persons by a central clearing system similar to how some home security systems are managed.
In the long run, you opt out by living somewhere else or owning your own place. There are both pros and cons and we need to focus on both and not one or the other.
edit: Another service/feature/etc I have seen lately is bundling standard utilities into the lease with surcharges for exceeding caps (electricity, gas, and water). This relieves the landlord of headaches and new residents from having issues getting services started
You had to set up an account with a 3rd party service who required a picture of a photo id and a small fee ($5 for 30 days access, IIRC). The rental listings would ultimately link to the 3rd party service where you could schedule a visit to the house, then get a temporary code to access the key when you arrived. All of the homes still used traditional physical locks.
I'm not a fan of "smart" devices, but think this was actually a great service as long as the home is unoccupied. As a tenant I was able to easily visit a dozen different homes in one day without having to spend hours on the phone scheduling visits with property managers.
Just like with my car, it would be really convenient when holding kids and a load of their stuff to not have to fish out the keys.
I suppose there's the issue of your landlord locking you out if they're unhappy with something, but surely that is not purely a technological issue.
Also, cars are very different than homes. Typically we don't store truly valuable and irreplaceable items in our cars, unlike our homes. Typically we don't sleep in our cars, unlike our homes. You can easily see if someone is approaching your car, or trying to get in, when you are in it. Not necessarily the case with your home.
But offhand I can think of several horror stories about smart locks, and no good stories. The tech just seems absurdly immature at this point. And this product, in particular, is apparently known for glitching and not working, so...
Smart locks also have to consider how they'll function without electricity. An exposed slot for a battery could let an attacker instantly fry the lock from the outside.
A long time ago I got drunk at my birthday party so my wife drove us back to the beach house we rented. She parked my car so that it was about five inches overhanging someone’s driveway.
Their driveway wasn’t blocked but it was a dick move and they retaliated by shaving off candle wax into my car’s door locks. Fortunately I always used remote unlock but back then most people still used physical keys to unlock their car.
People can mess or destroy any lock. There are legitimate concerns about electronic locks for sure but I don’t understand setting the bar so much higher for them than mechanical locks.
> I don’t understand setting the bar so much higher for them than mechanical locks.
Because the reviews I've seen indicate almost all smart locks fall a long way short of the security of equally priced mechanical locks.
I'll admit my example is poor. A good smart lock wouldn't default to unlocked if electronically fried. I still think it's worth being worried about how easily and discreetly you can vandalize a lock.
The problem of those locks - or really, almost any IoT device - is that they're connected to a third-party service. This creates risk of abuse, remote hacking, remote bricking (e.g. when the vendor decides to thank everyone for the incredible journey), breach of privacy and ties user into a hostile relationship with the vendor, because the device isn't really a product anymore, but a service.
Same with key codes: internet management is not really needed for that. Of course access could be properly secured, but vendors have a really bad record of actually getting that right.
Imagine a scenario like that: You leave your car in a parking lot. One attacker follows you with a repeater. Once you're around the corner the second attacker approaches your car and opens it via the repeated radio signal and starts it.
A while ago there had been a small debate on this topic, as attackers actually used such an approach to break into cars (sometimes even stealing them).
So many factors become part of the threat model, when you could stick to the physical lock, and really limit it.
https://twitter.com/internetofshit?lang=en is a pretty good example.
You could make an RFID chip reader part of your lock, but even that has weaknesses.
tldr: limit your damn threat model/inconvenience.
I think privacy, network security, and availability are the bigger issues.
If a criminal is going to break your door, it's going to happen. But I think people would be more suspicious of someone picking a door lock, rather than waving a chip and the door allowing them access.
I know a lot of hotels weren't surprised to learn their room doors were amazingly weak.
If you want a good physical lock, the ANSI Grading System is a good place to start.
I bought various cylinders that open with the same key. Thus I can open my garage, my flat, and my other small spaces with the same key.
Advantage too: the previous tenant wouldn't be able to access my home if they've kept the key. The landlord too.
And if there's an unlikely emergency? Well, just break the door (it's a cheap cardboard-y one).
But frankly, I would do it even if it was forbidden, as long as the door wouldn't be reinforced.
If I ever came to one of my properties and my key didn't work, you better bet you'd be evicted.
On your greater point, there are a million ways to skin a Roman senator. There are alternatives that don't require a smartlock and if an otherwise great tenant (or applicant) really pressed the issue, perhaps I'd go with another one. In the absence of that, I'll go with what's easiest and sensibly secure (which, by the by, a smartlock is).
The owners aren't installing it themselves but going through https://smartrent.com/. As you can see from their homepage, the benefits of the smart home features are aimed at owners/landlords/property managers primarily, with renters' benefits being secondary. Those landlord benefits come from online automation.
I would obviously only consider one that has a fallback to an actual key.
Finding a software hack is probably the least of your worries.
In addition to what you said, people often leave mechanical locks unlocked on at least one or more windows or doors. People often have easily broken glass on their doors. It’s commonly said that most locks are “courtesy locks” because they’re so easy to defeat. So I don’t understand many of the security concerns surrounding electronic locks. Privacy and failure concerns I can understand though.
Right now the predominant attitude is basically "key control is easier than trying to secure IoT." Easier to use a physical key and manually vet who gets the key than to audit an IoT setup. I tend to agree just because the state of security practices in IoT is so egregiously bad.
It's a hard trade-off, and yes, I don't trust most key lock companies to get IoT security right since it's not their core competence.
The best systems currently (for non-safes) are the combination of strong mechanical (Abloy, etc.) plus electronic. Two systems I've seen be non-crap are Abloy Cliq and Videx CyberLock.
Neither of these is residential.
Home Contents Insurance companies take note - these guys are asking for it.
For liability, the large companies use big key control systems to try and track which staff is checking out keys to what, but it’s still possible for staff to make unauthorized copies. With an electronic lock they get a nice report that shows all the times the lock was used and when the door was opened.
And finally, many property managers are control-freaks and they love that tenants need to ask to make ‘copies’ of the electronic keys. Previously the only real option for key control was something like Medeco and most don’t want to pay for that.
To do this requires a good relationship with your tenants and technicians.
But on the other hand... our landlord does have a physical copy of the key to our house. I consider this to be a good thing, not a bad thing though! Probably made even better by the fact that legally the landlord has to give tenants 24 hours notice if they want to gain entry (in the UK). They can't just come over whenever without telling me first.
Citizen's Advice confirmed he had no right to be there without our permission.
This should only be acceptable in the case where your landlord is also your property manager. If they're not, then your letting agent should have a copy of a key.
On the 24 hours note, in 8 years of renting in the UK, I can only remember one instance where I was actually told 24 hours in advance. I was usually emailed at 5pm saying "hey, we have someone coming around for X tomorrow at 9:30, we will let them in". I told them no but they still came every time.
Then they were breaking the law, and almost certainly the letting contract. The only question is whether you want to do anything about it or not (legally) - most people don't want to go and fight with their landlord over a repair happening with less than 24 hours notice.
I only had to do this once - our landlord wanted some work carried out in less than 24 hours from telling me and I said ok, but you need to give us at least 24 hours notice, come back the next day - and they did.
The practice in Turkey is to change the lock as soon as you move into your apartment. And most of the time landlords say "I don't want to be accountable if someone enters the apartment, thus change the locks as soon as possible". And even though the landlord owns the property he is not allowed to enter the apartment, there is a specific law for that.
Even if you consider these particular benefits, you should be able to make the choice of whether or not to give your landlord (or another trusted person) a spare key.
I do have that choice. I can go and change my locks today if I chose to and the landlord can't legally stop me from doing so. I just chose not to, because to me (personally) the landlord having the key is worth the benefit it provides.
> And they can’t describe a patch SLA or what they’ll do in a couple years when their Zipato hubs aren’t updated anymore.
> Been chatting with other security folks who brought this up and they were totally dismissed. Vendor couldn’t state they took basic measures like hashing and salting lock pins.
If this was optional, fine, choose not to have it. But this isn’t optional, it is mandatory for all property managed by the same group, over the head of the landlord.
This is a legitimate security issue, since internet-enabled locks are never going to be secure enough to trust your life with, and even if one brand works well, most landlords will not be technically equipped to sort the differences out on their own, and will wind up deploying these locks before expert researchers can evaluate them.
Working reasonably secure locks or not, what happens when the mothership goes down? When the domain gets hijacked? When wi-fi gets jammed? When wires get cut?
Really sophisticated two stage attacks are being used on car security systems already. Step one, damage the internet link and wait. Step two, when the link is down the car’s security is defeated, and may be safely stolen.
Oh look. Another buzzword. Get gaslighted.