A well constructed electronic lock can be considerably more secure against non-destructive attack than any mechanical lock. Yet IoT locks continually have gross vulnerabilities that allow undetectable bypass-- and issue that even moderately good mechanicals locks don't really have (even picking usually leaves evidence).
Original funding from IndieGogo. LOL. Yeah, that's a bunch of folks who know lots about security. And as soon as I see MQTT (or any other abstraction layer above UDP or TCP/IP) I know that doom follows.
The worst part about this is that making secure locks when cloud connectivity is available just isn't that hard. Use a Curve25519 library. Everybody (lock, phone, cloud) generates their own keys and exchanges public keys facilitated by an originator set of keys from the cloud installed at manufacture time (this prevents getting man-in-the-middled at configure time without having to go through complicated public-key exchange algorithms that might get cracked).
Commands are always encrypted using public keys and always involve the cloud. Return no ACK (your ACK is that the lock unlocked) so you can't brute force. Done.
If you really want to be paranoid, the lock and phone should exchange a separate set of public keys that encrypt the commands uploaded to the cloud that get forwarded to the lock. Now, even compromising the cloud doesn't let you unlock the door.
A secure lock without Internet connectivity is quite a bit harder because you have no unimpeachable "oracle" to present a point of "truth" that can be relied on.
Because of the aformentioned rabbit hole, the fomer group doesn't tend to ship many products compared to the latter. The latter group's design gets compromised by a magnet or a magic packet because the description didn't say anything about those. :)
I think if you think hard about it for a while and do some research you'll find that it's actually more complicated than you might think. ... two way communications between the 'key' and the lock, non-volatile counters in each to prevent replay, secure crypto that is too slow and power hungry when run on the 8-bit microcontroller that fits in the space/power/cost budget... etc.
Of course, you can work around these challenges-- but that's the rabbit hole. :)
There are various kinds of pretty secure electronic locks. Because of the extremely poor track record of cryptography in embedded devices I'd be inclined to find designs that rely less on crypto more trustworthy. I'm fond of the kaba mas x-10. :)
I'd say there are better ways to prevent man-in-the-middle attacks during set-up, which are IMO not really a problem anyway. You have bigger problems if that is a part of your threat model.
>If you really want to be paranoid, the lock and phone should exchange a separate set of public keys that encrypt the commands uploaded to the cloud that get forwarded to the lock. Now, even compromising the cloud doesn't let you unlock the door.
But now you're doing public key exchange which you wanted to avoid, why then involve the cloud at all?
1) Key exchange is mediated, encrypted and authenticated by the cloud.
2) Command exchange is always encrypted and uses the already exchanged keys between the phone and lock. The commands may or may not go through the cloud as an intermediary.
> It's not that easy: Now the lock doesn't work when either your phone or your lock has no internet connection, or the cloud is down.
I don't find the requirement for the pairing process to be cloud mediated to be very onerous. After the pairing process, you can decide if the reliability requires the lock to operate if the cloud is offline.
And you probably need at least intermittent internet connectivity or you can never revoke access.
> And you need to use a phone that is manufactured by the same company as the lock?
It's called an app. And generally, yes, the manufacturer makes you use their app to open the lock.
> I'd say there are better ways to prevent man-in-the-middle attacks during set-up, which are IMO not really a problem anyway.
I don't agree. The problem is that pairing is ALWAYS annoying and nobody wants to put a button on the lock to change its mode (or want to be able to automate the addition of people to the lock control). An attacker being able to arbitrarily activate the pairing process locally gives a much bigger attack surface--forcing this process to involve the cloud cuts that surface down significantly.
> But now you're doing public key exchange which you wanted to avoid, why then involve the cloud at all?
It's not a public key exchange. It's a private, encrypted key exchange with keys that got mediated by the cloud. That's a much harder system to attack from the point of view of an attacker.
If the cloud is gone you're still stuck. Companies do go bankrupt or get hacked. Anything that requires an app or cloud access is a big no for me. I'm trying to make my life more secure and comfortable. Relying on a zillion different companies and their (buggy) apps is the opposite of that.
> I don't agree. The problem is that pairing is ALWAYS annoying and nobody wants to put a button on the lock to change its mode (or want to be able to automate the addition of people to the lock control).
You're still going to need that button for pairing with the bridge and/or your local Wi-Fi.
If someone has local access to the buttons inside the lock they don't need to crack my lock, they are already inside. I consider the risk that someone spends the time figuring out my lock system, somehow gets access to the pairing button and breaks in on another point in time lower than that the cloud gets hacked with the access to all their locks with a list of the addresses sold to a bunch of burglars.
As someone who works on MQTT server technology, this opinion surprised me - it's a lot easier to get the security right using an MQTT server - user credentials are part of the protocol where as you have to build it yourself if you start at the TCP/UDP layer.
The problem in this example wasn't that they were using MQTT it's that there was no authentication/authorisation checking done - normally achieved by configuration - that would be possible in TCP as well - by not implementing it ;)
Why? It's practically tautological. The technology is irrelevant--it's all about the users.
The set of people using MQTT is:
1) The clueless (those who don't know better or the buzzword-driven)
2) The clueful with no power or cost constraints (to first, second and third approximation--a null set) because if you add constraints to someone with clue, they will dump everything above UDP or TCP/IP.
Thus, MQTT == DOOM.
(If I'm being less uncharitable, an MQTT broker is a service I don't control and have no visibility into. It only takes being on the receiving end of one bitchfest because an MQTT message didn't get delivered because "reasons" before you pull the plug on it and do it yourself. Given that I can predict with 100% certainty that this will happen, why even start with MQTT?)
Picking normal locks leave easily discovered evidence. I once even detected a lock at my office had been picked when I put my key in the next morning and noticed it felt different!
(I learned it had, in fact, been picked-- because after that happened I asked on the company chat and one of our security people responded that he'd picked it the night before for reasons)
Usually while picking you'll also scratch up the pins and keyway in a way that a key won't. You can also end up with the pins a bit cockeyed.
You can also turn it in directions that it can't turn with the key in it, and on some cylinders you can turn it the wrong way and have all the pins fall out!
You in many locks you can also end up with it 'locked open' where you have to pick it again to be able to get a key into it.
I think in the incident I mentioned the cylinder was left in slightly askew which made it feel odd to insert the key. I'm not sure if someone who hadn't picked a lock before would have recognized something was unusual just from the feel.
Of course you can take a lock apart and examine the pins & chambers for signs of picking, but that is a bit extreme if you don't suspect it.
So while it is possible to leave external signs of picking, it's not necessary, and often indicates something went wrong with picking.
Maybe extremely careful picking would pass, but at least my efforts always mark up the pins. :)
Compromises in electronic locks tend to be a lot cleaner.
What's difficult to know, is if there were large market of IOT locks, and much more scrutiny on the companies manufacturing IOT security products, whether that would lead to a reduction in unsophisticated attacks against the products.
As of today, it seems many digital locks are just as bad or worse at physical security than traditional locks, and the IOT connectivity opens up new avenues of attack.
Or, heck, just unlock all the doors and see what chaos happens. Try that with physical locks.
"the [cloud] server does have strong security” --> oh, good
"and that users’ data have been encrypted by the MD5 algorithm --> WTF???
1. Everything goes open source.
2. Everyone settles on a standard way of communicating between those devices.
Sure, vulnerabilities won't disappear completely but they will go down. At this stage, I feel like they aren't exploited due to lack of interest rather than good will or lack of opportunities.
Literal head-desk. They ought to be sued. There is so much wrong with that one statement.
A security vulnerability discovered and responsibly reported by Craig Young of Tripwire exposes flaws in U-Tec UltraLoq locks, among other devices.