A hi-tech padlock secured with a fingerprint can be opened by anyone with a smartphone, security researchers have found.
On its website, Tapplock is described as the "world's first smart fingerprint padlock".
But researchers said it took just 45 minutes to find a way to unlock any Tapplock.
[...] The "major flaw" in its design is that the unlock key for the device is easily discovered because it is generated from the Bluetooth Low Energy ID that is broadcast by the lock.
Anyone with a smartphone would be able to pick up this key if they scanned for Bluetooth devices when close to a Tapplock.
Using this key in conjunction with commands broadcast by the Tapplock would let attackers successfully open any one they found, said Mr Tierney.
In response, Tapplock said in a statement that it was issuing a software update.
-- submitted from IRC
(Score: 4, Interesting) by Immerman on Friday June 15 2018, @01:53PM (11 children)
I'm still waiting for the day that "smart" padlocks exceed the security of traditional ones.
Seems to me the rule of thumb is that a traditional lock (especially padlocks) needs at least a modicum of personal lockpicking skill to open, while a smart one just needs you to have downloaded the right piece of software. Or bolt-cutters in either case.
I'll stick with the traditional locks, thanks. Heck, the good ones are almost unpickable - and if you're targetted by a thief with enough skill to do so, then you may as well just give up.
(Score: 2) by JoeMerchant on Friday June 15 2018, @01:58PM (9 children)
The bolt cutters will always win. I think a flask of LN2 can speed the process, also.
As for:
shoudn't that be a hype-tech padlock that you can open with a fingerprint, or a replay attack that even garage door openers figured out how to defeat with rolling codes in the 1970s?
🌻🌻 [google.com]
(Score: 4, Informative) by EvilSS on Friday June 15 2018, @02:01PM (7 children)
(Score: 2) by BsAtHome on Friday June 15 2018, @02:33PM (4 children)
They do exist, locks capable of resisting angle grinders.
However, I have never seen a lock resisting a regular tank. Well, a safe's version may require a sizable tank with proper ammunition.
(Score: 2) by Snow on Friday June 15 2018, @03:01PM (2 children)
I'd just throw a rock through your window.
Locks are for honest people.
(Score: 2) by Snow on Friday June 15 2018, @03:02PM
Oh, I didn't realize this was a padlock.
Nevermind, carry on!
(Score: 4, Insightful) by JoeMerchant on Friday June 15 2018, @07:03PM
Any time my wife gets "worried about the security of our door locks" I remind her that we've got 4 giant walls of glass, 2 on either side of 2 doors - it doesn't really matter how good our locks are, or aren't.
🌻🌻 [google.com]
(Score: 1, Touché) by Anonymous Coward on Friday June 15 2018, @04:01PM
Or two tanks, one of oxygen and the other acetylene commanded by a blowtorch.
(Score: 0) by Anonymous Coward on Friday June 15 2018, @05:50PM (1 child)
I was told that a can of aerosol Cheese-Whiz will open most key type locks when sprayed into a keyhole.
(Score: 2) by kazzie on Saturday June 16 2018, @09:24AM
Have the mice also told you that you have several large "keyholes" in your skirting board?
(Score: 2) by FatPhil on Friday June 15 2018, @02:41PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by darkfeline on Monday June 18 2018, @06:59AM
The majority of traditional locks are very easy to pick or bypass. "A modicum of personal lockpicking skill" can be acquired with a few hours of free time and basic manual dexterity. Locks are only there to keep honest men honest; real security is much more expensive since you need to keep the whole system in mind (weak chains, windows, door frames, walls, ceiling, floor, the thing you're chaining your bike to, there are many avenues for attack).
There's nothing inherently wrong with smart locks; a well-designed smart lock would be significantly harder to open and much cheaper than an equivalent traditional lock: an open source app that generates a private and public key, copies the public key to the open source lock, the lock is opened by signing a randomly generated token with the private key. Physical locks can always be picked if you're good enough, but no amount of amazing human dexterity is going to help you crack that 4096 bit private key.
Join the SDF Public Access UNIX System today!