back to article REVEALED: Simple 'open sesame' to unlock your HOME by radiowave

A pair of security researchers probing the Z-Wave home-automation standard managed to unlock doors and disable sensors controlled by the technology. Behrang Fouladi and Sahand Ghanoun took a long hard look at Z-Wave for their presentation at last week's Black Hat hacking conference in Las Vegas. The wireless standard dominates …

COMMENTS

This topic is closed for new posts.
  1. Dr_N

    Who..?

    ... would use a wireless lock on their front door?

    1. Steve Davies 3 Silver badge
      WTF?

      Re: Who..?

      Those who use 'keyless' entries to their cars perhaps?

      Again, no one here has asked the question...

      Just because we can do x,y,z, should we?

    2. Anonymous Coward
      Anonymous Coward

      Re: Who..?

      Both my aging parents have managed to either lose keys, or worse, just leave them stuck in the outside lock. They're not ready for the funny farm yet, just a little forgetful. So an RFID controlled lock is just the ticket.

      1. Dr_N

        Re: Who..?

        "So an RFID controlled lock is just the ticket."

        Wouldn't they just lose the RFID tag/key too?

        Unless you are planning to chip your parents like cattle...

        1. John Tserkezis

          Re: Who..?

          Wouldn't they just lose the RFID tag/key too? Unless you are planning to chip your parents like cattle...

          No need to secure the keys to a person.

          If you lose a regular key, you assume it's no longer secure and you change your locks.

          It's the same for RFID, but "changing the locks" instead involves a mere few keystrokes decomissioning the single RFID key that was lost. Faster and cheaper than replacing your locks.

          1. monkeyfish

            Re: Who..?

            I was going to suggest putting the RFID key on a necklace to prevent loss, but then I realised you could do that with a normal house key too. Maybe the RFID key would be lighter/less pointy though, so more likely it wont be taken off?

      2. Evil Auditor Silver badge

        Re: Who..?

        @AC 09:46 GMT

        As others have asked already I also wonder how they are not going to lose the RFID tag.

        No need to be aging though to get oneself locked out. Happened to me quite recently (or maybe I'm showing some age, too?!) and cost me a few hundred quid to open/replace the lock. I'm probably going to biometrics soon since it's rather difficult to forget ones hand inside the house when leaving. I'm fully aware of the possible problems with biometrics but for me that's just the right solution.

        1. Heathroi
          Thumb Up

          Re: Who..?

          Same except i had a 4 year old to slide in an slightly open window, something your average burglar is not likely to have. (the whining doesn't stop)

          1. MonkeyCee

            Re: Who..?

            Hah, I was 11 when I was induced into climbing through a lavvy window to let in the responsible adult who'd locked us out. After I'd asked if he'd got the key.

            No whining from me tho. A simple bribe to not tell my mother :) not sure how well this will fit into your child rearing toolbox

        2. Stevie

          Re: Who..?

          " I'm probably going to biometrics soon since it's rather difficult to forget ones hand inside the house when leaving. "

          I had the great pleasure of experiencing state of the art consumer biometrics while visiting Universal Studios Islands of Adventure in Florida this year, where the lockers they provide are locked and released by fingerprint.

          The biggest issue with the idea seemed to be the high levels of exhaustion exhibited by the people employed to unlock lockers that refused to open again, and the increasing levels of irritation of non-English speaking merry-makers who couldn't get their stuff and couldn't find the locker-opener-upperer. One French lady was reduced to tears by the swinish machine until I found someone to help her out.

          I developed the theory it was down to changes in shape of peoples' fingers due to humidity and A/C since people would lock the lockers after standing outside in the heat and/or rain but unlock them after upwards of an hour in cool, dry air, though one of my lockers testily announced that it didn't like the cut of my jib, had quarantined my stuff and wouldn't even attempt reading my fingerprint until I had consulted a human. Presumably the computer was having a bad day and was tired of the names people were calling it.

          I wish you well during the depths of a cold wet English winter as you struggle with your own front door. I suggest a backup keyed entry be installed and the neighbours alerted to the possibilities of strong invective.

      3. tony2heads

        Re: Who..?

        just get a key chain that attaches to a belt

        1. Stevie

          Re: Who..?

          "just get a key chain that attaches to a belt"

          You know, it took me almost a year to figure out where the horizontal scratches on my new car were coming from. Seemed like every time I drove to the station I would return from work to find a new scratch.

          Then I realized that fucktards with dogchains on their belts were dragging past my car while it was parked in the station carpark. I made a point of not parking next to SUVs or pickups after that and the problem was much mitigated.

          Then there are those who proudly deploy the belt-mounted retractable key hawser. Why do morons think it is cool to carry a dozen keys and a bottle opener dangling off one hip?

          1. Intractable Potsherd

            Re: Who..?@ Stevie

            "Why do morons think it is cool to carry a dozen keys and a bottle opener dangling off one hip?"

            It isn't cool, but it *is* efficient. My keys are attached to an anodised bright red carabiner (with a torch in it!), all the time. In the house they are hung up in the same place. Out of the house they are on my belt (unless I'm dressed up, in which case in my computer bag or suit pocket). No-one else in my house does remotely the same thing - guess where the delays and panics come from when keys can't be found? I then get told off for being grumpy due to basic inefficiency.

            I do take care not to scratch people's cars though - mainly by not squeezing through gaps between them!

            To cut a long story short - you'll prize my keys from my cold, dead belt-loop!

    3. JDX Gold badge

      Re: Who..?

      Many businesses use such locks, this isn't just about homes.

      As for why... the humble key was not originally chosen because it's the best possible way of securing a lock. It was chosen because at the time, it was the best solution afforded by modern technology. Assuming an old solution must be better than a new one is as bad as assuming a modern solution is better than a old one.

      1. big_D Silver badge
        Mushroom

        Re: Who..?

        But the businesses don't use a wireless lock! The reader might be RFID, but it runs over a nice bit of cable inside the building to the main control box.

        The wireless locks are for the lazy / cheapskate customers who want something swanky, but don't want the cost involved in doing it properly by laying cables around the house and redecorating afterwards.

  2. Schultz

    Not fair

    "security through obscurity has, yet again, arguably proved to be worse than no security at all."

    This is not true, there is a lock on the door and it will repel most potential burglars. The exploit shows that security through obscurity must always be considered as potentially flawed, but in the real world it still works most of the time.

    Arguably my ass. That qualifier doesn't save yours this time :).

    1. Evil Auditor Silver badge
      Alert

      Re: Not fair

      Schultz, I partly agree with you as it's still better than no lock at all. But the problem is that the users believe they are safe when in fact they are more vulnerable than with a good, ordinary key lock.

      1. Anonymous Coward
        Anonymous Coward

        Re: Not fair

        > more vulnerable than with a good, ordinary key lock.

        Not really. You can easily make a "bump" key for an ordinary lock. This will enable anybody to open the lock in seconds.

        1. Anonymous Coward
          Coat

          Re: Not fair

          Which is why it's worth investing some money in lock barrels that don't allow this sort of attack.

        2. The BigYin

          Re: Not fair

          "Not really. You can easily make a "bump" key for an ordinary lock. This will enable anybody to open the lock in seconds"

          Only if you buy cheap-ass, shitty locks (usually only rated for internal use). And if you have those on your front door - kiss any insurance cover goodbye.

          1. Anonymous Coward
            Anonymous Coward

            Re: Not fair

            There are millions of these around since Euro cylinders have been around much longer than these techniques have.

            I've warned countless people about this and have been met with indifference. It was only when a family member got broken into that people took notice.

      2. Anonymous Coward
        Anonymous Coward

        Re: Not fair

        A thief can bump a euro cylinder. They can also snap them in under 60 seconds if there's about 10mm or so to clamp a tool onto.

        1. Anonymous Coward
          Anonymous Coward

          Re: Not fair

          A thief (or a so-called locksmith in much of Europe) does not piss around picking a lock when it can be drilled or, more often, a window smashed.

          Note that there are countermeasures to both attacks I describe above. The point is they will not waste their time trying not to fuck up your lock.

          1. The BigYin

            Re: Not fair

            "A thief (or a so-called locksmith in much of Europe) does not piss around picking a lock when it can be drilled"

            This is noisy, it attracts attention (especially if the barrel is hardened against drilling). As for snapping, an anti-snap lock will leave the thief holding a useless shard of metal with the lock still firmly in the door. Bumping? Well helloooooo anti-bump locks. Yes, if you buy a £10 piece of crap then your points hold. If, however, you throw some actual wedge at an actual lock you improve your chances. And one good lock at that, not six shitty ones weakening the door and frame

            When we moved house we changed the locks after a few lock-picking classes. Eye-opener. Bumping is a piece of piss on a cheap lock. If you are reading this, own property and you haven't been to lock-picking classes, go.

            The goal is not to be impenetrable - the goal is to be too much bother so bastards move on.

    2. Anonymous Coward
      Anonymous Coward

      Re: Not fair

      Obscurity is to security what camouflage is to armor.

      1. JDX Gold badge

        Re: Not fair

        And yet camouflage is still used even on armoured vehicles.

        1. The BigYin

          Re: Not fair

          > And yet camouflage is still used even on armoured vehicles.

          Nice try, and I did chuckle.

          "Security by obscurity" is more like painting your armoured vehicle luminescent yellow and then getting all upset when people can see it. And, if you were the MPAA/RIAA/BPI demanding a law be passed to make it illegal for people to look at your luminescent yellow armoured vehicle rather than fix the actual issue.

  3. William 3 Bronze badge

    It's all academic anyhow.

    Security is a myth. Look, a lock on a door only keeps honest people out.

    And if the security on a house is "That" good that it can't be cracked, the next avenue of attack is a crowbar. Not on the locks themselves, but menacingly waved at the owner of the house.

    Of course, if you don't wish to go down the direct physical route, there is always social engineering, and good old blackmail and extortion.

    With any security, humans are the weakest link. And, well, you know the rest....

    1. Tom Wood

      Re: It's all academic anyhow.

      Yes - unless you want super thick laminated glass or big hefty bars on all your windows, a determined burglar can always get in using a decidedly low-tech housebrick. Might make some noise and potentially draw attention, but that depends on where you live.

      1. Irongut

        Re: It's all academic anyhow.

        A burglar would have trouble getting into my home with a brick. I think they would struggle to throw it through the second storey windows and even if one did break it would require a very long set of ladders and draw a lot of attention from my neighbours.

        Even more difficult would have been when I lived on the 20th floor.

        So a burglar can't always get in using a brick, no matter how determined they are.

        1. Don Jefe

          Re: It's all academic anyhow.

          If you lived in an apartment that had fire code compliant doors they are designed to break open fairly easily. Even doors with steel doors with steel frames have weakness designed into the area on both sides of the knob and deadlock cylinders.

          Unless you put your own security doors in then a cinder block will open almost any door. The thing the police carry is massive overkill.

          1. Anonymous Coward
            Anonymous Coward

            Re: It's all academic anyhow.

            > Unless you put your own security doors in then a cinder block will open almost any door.

            And even if he does, then you just knock a hole on the wall. Seen that happen. :-)

          2. Anonymous Coward
            Anonymous Coward

            Re: The thing the police carry is massive overkill.

            The police most likely want to open the door first time, so "massive overkill" helps probably ensure this. Especially as they can't necessarily know in advance exactly what sort of non-standard door they might be facing.

  4. jai

    hmmmm

    and i was quite taken with this solution so i don't have to struggle to use keys to unlock the door when my hands a full of shopping or large boxes: http://www.kwikset.com/Kevo/Default.aspx

    1. Anonymous Coward
      Anonymous Coward

      Looks good, but iPhone only means it is of little use unless your entire family and anyone you want to grant access is an iPhone fan......

    2. The Infamous Grouse

      and i was quite taken with this solution so i don't have to struggle to use keys to unlock the door when my hands a full of shopping or large boxes: http://www.kwikset.com/Kevo/Default.aspx

      Kwikset? They can bolt on all the electronic bits and bobs they want, but when the SmartKey barrel itself can be picked or destroyed within 15-30 seconds it's all a bit moot.

      http://www.wired.com/threatlevel/2013/08/kwikset-smarkey-lock-vulns/

  5. This post has been deleted by its author

  6. Anonymous Coward
    Anonymous Coward

    Security through obscurity...

    ... can work.

    A business near me was getting repeated break-ins without triggering the alarm, so had the alarm upgraded... same thing happened.

    It only stopped when they installed some plain boxes with flashing LEDs. The burglars were familiar with the standard alarm systems and knew how to get around them, but the blinking light on a no-name box they were unsure of :)

    Anonymous for obvious reasons.

  7. Anonymous Coward
    Anonymous Coward

    Physical locks rule!

    Once again, Yale lock for when everyone is home in the daytime, plus mortise locks and bolts for the evening. Double glazing should stop all but the most determined bastard coming in through the window (but I've witnessed a fireman, who must have thought no one else was looking, deal with one of those with ease, during a fire emergency).

  8. Rol

    Try This

    If the "key" was challenged by the "lock" replay wouldn't work.

    Key says, "Hi I'm Mr Smith"

    Lock says "Hi Mr Smith 15821547", which is a random number.

    Key applies algorithm and says "Mr Smith 75452458"

    Lock compares this to its own calculated answer and voila, the door unlocks.

    This is so simple and so fundamental to security that not to implement it, is tantamount to assisting in a crime.

    I've mentioned this technique before on The Reg, but it's worthy of mention again and again and again, until the muppets who sell "security" get it.

    1. Tom Wood

      Re: Try This

      Er... did you read the article? The replay attack was on a wireless sensor not a door lock.

      "Our attacker just identifies a lock on the network and sends it a new network key from his own network controller; the fickle door lock happily forgets its previous attachment and stands ready to respond to new commands, suitably encrypted using the new key, such as "open the door, please"."

      The network key is part of the "algorithm" you mentioned.

    2. AndyS

      Re: Try This

      That would help with the sensor example, but not the lock in this article. The security flaw here is that the lock was re-paired to a new controller, which then told it to open. The authentication was done correctly, and the door opened as commanded - only it was told to do so by the intruder's controller, not the house's correct one.

    3. Rol

      Re: Try This

      "Lock" as a generic term refers to anything you want to prevent unauthorised access to, be it a lock, wifi or the button that launches nuclear Armageddon.

      That's why I put lock and key in quotes.

      Do keep up!

  9. johnaaronrose

    Simple solution to being locked out

    Buy a key safe (approx £20) from somewhere like Wilkinsons. It's attached to the wall using serious screws, so difficult to lever/hammer off. . It requires a 4 digit pin to open it & remove the key(s). Preferably site the key safe out of view.

    1. Anonymous Coward
      Anonymous Coward

      Re: Simple solution to being locked out

      Are you serious?! You trust your house security to a £20 tin box from Wilkos?

      Locating it out of sight means the person who opens it with a tin opener won't be observed in the 30 seconds it takes them to do this.

      Give your spare key to a trusted neighbour, and use the £20 to buy them some wine/chocolates.

      1. johnaaronrose

        Re: Simple solution to being locked out

        I suggest that Anonymous replier to my message looks at the particular key safes from Wilkos before making comments. The key safe that I bought is made of hardened steel. In fact, very similar ones are provided by some Social Services departments to older people.

    2. GumboKing
      Coat

      Re: Simple solution to being locked out

      It would seem to me that remembering a 4 digit pin might be harder than remembering to take a key out of a lock. Which would probably lead to:

      "1234, That is amazing! I've got the same combination on my luggage!"*

      *ok it was actually 12345

  10. Anonymous Coward
    Anonymous Coward

    Lightwave RF Too

    I use Lightwave RF (a similar standard to Z-Wave) at home, and had considered using a wireless-controlled relay to open and close my electric garage door. Then I thought about the protocols, looked into it's security, and found almost half a dozen ways of triggering the relay from outside; in some cases no prior knowledge of or access to the network was needed. Truly scary!

    In the case of LWRF it's not a case of flawed implementation, but simply no security in the design whatsoever.

    All of these manufacturers need to either take security seriously, or make it clear in big writing on their packaging that it shouldn't be used for anything security or safety related. I can cope if some criminal wants to turn my fountain on and off, or even flash my house lights - but wouldn't use any of these technologies anywhere near a security or safety device unless they make massive improvements in security.

  11. John Smith 19 Gold badge
    FAIL

    So the *illusion* of security without the reality.

    What could possibly go wrong?

  12. Anonymous Coward
    Anonymous Coward

    Security through obscurity

    As far as I know, ALL security relies on some form of obscurity. Most times it's something we know that we don't have, like a password, the secret key etc. Security through obscurity is the norm in the computer industry. As we all know, having a transparent process that everyone can see is not a guarentee of security either. We have lots of open source software where we continue to find security flaws, even years after the code is released.

    We find exploits in the wild for open software before those that have code for the process know that there's a hole. I agree that having a flawed security stack and obscuring it is not a guarentee that the flaws won't be found out. It's also true that by obscuring the stack, it took the researchers a bit more effort to break into the system than it would have if they'd had all the specs and code in front of them to begin with.

  13. Martin 15

    keysafe combinations

    The combination on those keysafes is not that impressive - both the cheapie and expensive ones use the same system. Pick 1 to 9 numbers as the combination. However, the order is irrelevant 1234=2341=4231 etc reduces the possibilities quite a bit, They are tough buggers when properly fitted to a wall though.

  14. Mage Silver badge

    DOS on Wirelss.

    Wireless is really stupid for alarm sensors. Alarms by default go off if they detect jamming. So you repeatedly "jam" the frequency/band without attempting entry. Then when the alarm doesn't go off, you break a window at the rear. You park the white van in front or even the driveway. During the day! Carry everything out by the front door (Mains angle grinder at bolts if a deadlock).

    Locks and wired alarms are a deterrent. Wireless alarms are an illusion for Cheapskates that don't want 4 core alarm wiring.

  15. Herby

    Being obscure is only a ploy...

    To get those who have the items to subscribe to a service that has a (unreasonable) monthly fee. No more, no less.

    If they were "open" then they couldn't count on the subscription fee (where the $$$ is) and couldn't sell the items. I see ads for these things (nice wireless front door goodies) and they tout nice iPhone apps. The problem is that they use MY internet connection to do all the dirty work, and charge me a monthly fee. Sorry, that doesn't work for me.

    I'll stick with locks and keys for now.

    As for 'alarms': I built up a little box that had a couple of batteries in it and just blinked a nice LED. It had a nice looking keyswitch, and an antenna. It cost about $5 total to make (the box was a big factor). I used it on a storage locker, but the blinking light drove one of the other tenants crazy and I needed to remove it. After that, the storage locker was broken into. I will fight better next time.

This topic is closed for new posts.

Other stories you might like