I know some software engineers like that. Some of it is knowing that the companies that make iot devices don’t give a crap about security. Some of it is plain ol paranoia. Mechanical door locks can be picked does that mean you invest in guard dogs? Crime is a thing but so is misanthropy. I think we should take reasonable precautions but believe that there are more good ppl than bad.
Mechanical door locks can be picked, but it must be done at the lock in plain view rather than at a distance sitting in a car while you do the majority of the work and then casually walking up and opening the door. Locks are more of an inconvenience than a deterrent, so it should be made as inconvenient as possible. Connecting them to the internet is the exact opposite of that.
But more realistically someone robbing your house is going to ring your doorbell to see if someone is home, then just walk around checking for unlocked windows.
True, but again it’s about making it as inconvenient as possible. Manually locking windows and making sure they are locked is effective. In some places they put security bars on the windows. Tall fences can also create obstacles as well.
You won’t stop everyone that wants to break in, but you can create enough trouble to keep out most people. Making it convenient for yourself by connecting everything to the internet just makes it convenient for everyone else too.
Someone mentioned to me that those angry dog signs are a liability because if someone gets bit they can say you knew you had angry dog, so it’s best just to have a sign that says dog and doesn’t mention it’s mood
Might dependsl on your jurisdiction. But I wouldn’t be worried they’d probably need to prove you had a duty of care to them which you acted outside of which resulted in injuries that could have been avoided by you acting with a reasonable level of care.
Also if you did have a duty of care to them and knowingly had a dangerous dog not warning someone of known dangers (the dog) might constitute a break of your duty of care.
Tldr: It depends, you get what you pay for get your advice from actual local lawyers not random people on the street or the internet (like me).
An average house lock is pretty easy to pick. An average picker of locks could get through in minutes. Someone who trained for years could get through in a few seconds if they’re lucky. Someone using a pick gun, willing to risk damaging the lock, can often get through in seconds. But, each individual lock is different, so you never know how long it will take to get through. Taking any more than 10 seconds to get through a door looks suspicious, so it’s very risky to try to pick a lock if you’re not willing to take a chance at looking suspicious, even if you’re a master lock picker.
With electronic locks, if there’s an exploit for that lock and the person going up to the lock has access to it, they could get through instantly and not look at all suspicious. If there’s no exploit, the person is out of luck. The person trying to break in also doesn’t have to have any expertise. They just need access to the exploits. Also, because people are constantly trying to find exploits, there’s almost guaranteed to be a time when your lock is vulnerable. Making it worse, with an electronic lock, someone can inspect the lock one time, and then just wait for a vulnerability for that particular lock to be available.
Picking locks takes skill, kicking down a door is higher risk of alerting someone or getting caught. Those both deter a lot of would-be criminals.
Whereas a hack creates a situation where criminals are going to target those devices – it’s “low risk”. Any opportunistic asshole with 2 brain cells can download the hack and go around trying doors until it works.
In a meeting with a (business) customer regarding security precautions, my coworker had a great suggestion: we buy a mountain in Switcherland Switzerland, build a bunker there for the servers and hire a private army for protection. The customer liked the idea…
Yeah but how many people looking for a smash and grab are going to bring tools to cut through a wall instead of just going next door or through the window?
I think the real point is that mechanical locks don’t track when you leave and enter your home like electronic ones do. Not whether they are better or worse than mechanical.
A “hacker” breaking into your house is a fantasy. If some one wants in they are….breaking….into your house. Ie breaking your door or window. Mechanical or not doesn’t make a difference. It’s all security theater. However you can know the status of internet connected locks at least.
And those locks cost hundreds a piece. A “there is a security system here” sign would do more useful work. And a locksmith will tell you that picking is what you try AFTER you just try bypassing the lock entirely. Aka shim the door or break a window. Exactly what a burglar will do if they really wanted in. You do know that your garage door can be disabled with a coathanger threaded inside and grabbing the release hook, right? Or a jack wedged under with a crowbar, right? Or your decorative gnome in the front yard thrown through a window? Locks are a deterrent.
Locks can be picked, but good locks require picking skills far beyond what the average break and entry will have. They can be drilled, but that’s loud and increases the odds of being caught.
A software vulnerability can be triggered silently and will look like you’re an expected guest.
They’ll likely just smash the window in the back yard though so it’s a moot point
I know some software engineers like that. Some of it is knowing that the companies that make iot devices don’t give a crap about security. Some of it is plain ol paranoia. Mechanical door locks can be picked does that mean you invest in guard dogs? Crime is a thing but so is misanthropy. I think we should take reasonable precautions but believe that there are more good ppl than bad.
Mechanical door locks can be picked, but it must be done at the lock in plain view rather than at a distance sitting in a car while you do the majority of the work and then casually walking up and opening the door. Locks are more of an inconvenience than a deterrent, so it should be made as inconvenient as possible. Connecting them to the internet is the exact opposite of that.
But more realistically someone robbing your house is going to ring your doorbell to see if someone is home, then just walk around checking for unlocked windows.
True, but again it’s about making it as inconvenient as possible. Manually locking windows and making sure they are locked is effective. In some places they put security bars on the windows. Tall fences can also create obstacles as well.
You won’t stop everyone that wants to break in, but you can create enough trouble to keep out most people. Making it convenient for yourself by connecting everything to the internet just makes it convenient for everyone else too.
Tall fences are usually privacy fences and they can make it really easy for a thief to spend a ton of time unseen in your backyard.
Usually, but not always. I’m thinking more of the bar fence with spikes at the top.
Is the fence going to have a gate, and is that gate going to be locked? If so, you better put a fence around it to be safe.
locks keep people honest, and make thieves pick a house that’s less of a hassle.
Bear theory.
My house doesn’t need to be impenetrable, it just needs to be more of a hassle to get into than yours.
Not even that. It just needs to look like more of a hassle.
They really just let anyone buy those signs that say you have security cameras or an angry dog.
Someone mentioned to me that those angry dog signs are a liability because if someone gets bit they can say you knew you had angry dog, so it’s best just to have a sign that says dog and doesn’t mention it’s mood
“Dog with sharp teeth”
Might dependsl on your jurisdiction. But I wouldn’t be worried they’d probably need to prove you had a duty of care to them which you acted outside of which resulted in injuries that could have been avoided by you acting with a reasonable level of care.
Also if you did have a duty of care to them and knowingly had a dangerous dog not warning someone of known dangers (the dog) might constitute a break of your duty of care.
Tldr: It depends, you get what you pay for get your advice from actual local lawyers not random people on the street or the internet (like me).
I think CGP Grey has a video about this concept. It’s not so much that a mechanic lock is better or more secure.
It’s more that it takes one person
$x
seconds to break into one lock.That’s very different than allowing a million people the opportunity to break your digital lock millions of times.
It’s a different threat model.
An average house lock is pretty easy to pick. An average picker of locks could get through in minutes. Someone who trained for years could get through in a few seconds if they’re lucky. Someone using a pick gun, willing to risk damaging the lock, can often get through in seconds. But, each individual lock is different, so you never know how long it will take to get through. Taking any more than 10 seconds to get through a door looks suspicious, so it’s very risky to try to pick a lock if you’re not willing to take a chance at looking suspicious, even if you’re a master lock picker.
With electronic locks, if there’s an exploit for that lock and the person going up to the lock has access to it, they could get through instantly and not look at all suspicious. If there’s no exploit, the person is out of luck. The person trying to break in also doesn’t have to have any expertise. They just need access to the exploits. Also, because people are constantly trying to find exploits, there’s almost guaranteed to be a time when your lock is vulnerable. Making it worse, with an electronic lock, someone can inspect the lock one time, and then just wait for a vulnerability for that particular lock to be available.
And my smart lock alerts me when someone unlocks it. Sure it could be hacked, but it is more likely that someone will just kick the door open.
Picking locks takes skill, kicking down a door is higher risk of alerting someone or getting caught. Those both deter a lot of would-be criminals.
Whereas a hack creates a situation where criminals are going to target those devices – it’s “low risk”. Any opportunistic asshole with 2 brain cells can download the hack and go around trying doors until it works.
In a meeting with a (business) customer regarding security precautions, my coworker had a great suggestion: we buy a mountain in
SwitcherlandSwitzerland, build a bunker there for the servers and hire a private army for protection. The customer liked the idea…Is Switcherland on the Ethernet continent?
I knew it was a mistake to not to check dow it’s spelled
Dats chrazy
Bahnhof has a data centre in Stockholm like that - lots of ex-military bunkers around.
actually good mechanical door locks can only be picked by a handful of people in the world with special tools most of whom are locksmiths
the word “picked” does a lot of heavy lifting here.
Most professional thieves won’t care about damaging your lock. It’s called “breaking” and entering for a reason.
And if your door is super reinforced better hope your wall is too
Yeah but how many people looking for a smash and grab are going to bring tools to cut through a wall instead of just going next door or through the window?
And a properly secured network can’t be compromised by some amateur thief sitting in their car. Point was that foolproof security is a fantasy.
I think the real point is that mechanical locks don’t track when you leave and enter your home like electronic ones do. Not whether they are better or worse than mechanical.
Point is reducing attack surface by not having internet connected lock 🙄
A “hacker” breaking into your house is a fantasy. If some one wants in they are….breaking….into your house. Ie breaking your door or window. Mechanical or not doesn’t make a difference. It’s all security theater. However you can know the status of internet connected locks at least.
I’m not just talking about locks. I’m talking about the concept of IoT itself.
And those locks cost hundreds a piece. A “there is a security system here” sign would do more useful work. And a locksmith will tell you that picking is what you try AFTER you just try bypassing the lock entirely. Aka shim the door or break a window. Exactly what a burglar will do if they really wanted in. You do know that your garage door can be disabled with a coathanger threaded inside and grabbing the release hook, right? Or a jack wedged under with a crowbar, right? Or your decorative gnome in the front yard thrown through a window? Locks are a deterrent.
But if my printer ever laughs at my bad jokes I’m keeping my hammer ready, just in case.
Locks can be picked, but good locks require picking skills far beyond what the average break and entry will have. They can be drilled, but that’s loud and increases the odds of being caught.
A software vulnerability can be triggered silently and will look like you’re an expected guest.
They’ll likely just smash the window in the back yard though so it’s a moot point