Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Thursday May 09 2019, @02:33AM   Printer-friendly
from the no-battery dept.

Submitted via IRC for Runaway1956

Tenants at a property in New York City just struck a deal in what is both a wildly reasonable ask but also a crucial precedent at a time of increasing surveillance—their landlord has to give them physical keys to their building.

Five tenants in Hell’s Kitchen sued their landlord in March after the owners installed a Latch smart lock on the building last year. It is unlocked with a smartphone, and reportedly granted tenants access to the lobby, elevator, and mail room. But the group that sued their landlords saw this keyless entry as harassment, an invasion of privacy, and simply inconvenient.

“We are relieved that something as simple as entering our home is not controlled by an internet surveillance system and that because we will now have a mechanical key they will not be tracking our friends and our family,” 67-year-old tenant Charlotte Pfahl, who has lived in the building for 45 years, told the New York Post.

Source: After Smart Lock Allegedly Traps Senior in Apartment, Tenants Sue for Physical Keys and Win


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by Arik on Thursday May 09 2019, @04:16AM (7 children)

    by Arik (4543) on Thursday May 09 2019, @04:16AM (#841196) Journal
    "The physical part of the lock is always the biggest weak point. Cryptography when done well is mathematically unbreakable within a reasonable time frame. But no physical lock is unpickable or unbypassable."

    Correct. And any lock which protects real (rather than virtual) property has to be a physical lock, even if it has a virtual component - it can still be picked or bypassed.

    You don't make it more secure by adding a second vector of attack, even if it is one that's truly impossible to exploit, you still haven't improved security at all. Because no matter how secure your cryptography is, I can simply ignore it and focus on the physical lock.

    And of course that's all in fantasy world where these things are done right. In the real world that virtually never happens. Why would the company spend a lot of money on really improving security? Their development budget is obviously better spent on making sure their products spy on the buyers. THAT's something they can make money on.
    --
    If laughter is the best medicine, who are the best doctors?
    Starting Score:    1  point
    Moderation   +3  
       Insightful=3, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 3, Interesting) by darkfeline on Thursday May 09 2019, @07:11AM (6 children)

    by darkfeline (1030) on Thursday May 09 2019, @07:11AM (#841228) Homepage

    >And any lock which protects real (rather than virtual) property has to be a physical lock, even if it has a virtual component - it can still be picked or bypassed.

    No it can't be picked, as there's no keyhole of any kind. It can be bypassed, but that is easier to secure relative to a keyhole. You can always saw through a deadbolt, but that's way more effort/energy/brute force than picking a keyhole.

    Consider an idealistic lockbox. There's always a physical attack: drills, saws, etc. If the lockbox uses some sort of physical key, you can always pick it and that will generally be easier. Of course, more expensive locks will be harder to pick, but it will always be physically possible.

    But if the lockbox uses an ideal digital lock, it can't be picked. It can still be breached physically, but you're not defeating math.

    A digital lockbox is strictly theoretically superior to a physical lockbox. Of course, practice is different from theory; so far it is far more practical to build a secure and cheap physical lockbox than a digital one, and that's why I expressed hope in engineering progress that would allow a digital lockbox to be viable.

    --
    Join the SDF Public Access UNIX System today!
    • (Score: 3, Informative) by Arik on Thursday May 09 2019, @11:35AM (4 children)

      by Arik (4543) on Thursday May 09 2019, @11:35AM (#841293) Journal
      "No it can't be picked, as there's no keyhole of any kind. "

      Yeah, that's not actually a requirement. As an example, many electronic locks with no keyhole are nonetheless easily pickable using a magnet. If you can manipulate the tumblers (or whatever are passing for them in the design) from the outside, then you can pick the lock, keyhole or no keyhole.

      "But if the lockbox uses an ideal digital lock, it can't be picked. It can still be breached physically, but you're not defeating math."

      It can still be picked, that part I must simply disagree with. The second part? Maybe true but that's not the point. I don't want to defeat math, I just want (hypothetically) to get past the lock.

      https://www.youtube.com/watch?v=2KSoPIeN9wY picking a digital lock with no keyhole, using a magnet.

      --
      If laughter is the best medicine, who are the best doctors?
      • (Score: 2) by c0lo on Thursday May 09 2019, @12:56PM (3 children)

        by c0lo (156) Subscriber Badge on Thursday May 09 2019, @12:56PM (#841306) Journal

        picking a digital lock with no keyhole, using a magnet.

        Not all models of digital lock have the same weakness. One can design a digital lock impervious to any magnet.

        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
        • (Score: 2) by Arik on Thursday May 09 2019, @02:03PM (2 children)

          by Arik (4543) on Thursday May 09 2019, @02:03PM (#841325) Journal
          Not all models have the same weakness, no. But the claim that they are as a class immune to being picked simply doesn't stand up.

          In the case I cited, you can (at considerable expense) have those locks retrofitted with non-ferrous replacement parts to prevent this from working. Rarely done, but that's besides the point.

          Is the lock unpickable after the modification? No. That's fallacious logic. Just because you don't know immediately *how* to pick it, doesn't mean it can't be picked. It's a physical lock, it has somewhere in it at least one tumbler, and if you can by any means move the tumbler(s) into place you have picked it. It may be practically impossible to pick it (at least right up until the moment someone finds a way) but the idea that *as a class* you can say they aren't pickable is not good. Exactly the sort of thinking that leads to nearly every electronic lock being quite easy to circumvent.
          --
          If laughter is the best medicine, who are the best doctors?
          • (Score: 2) by c0lo on Thursday May 09 2019, @03:22PM (1 child)

            by c0lo (156) Subscriber Badge on Thursday May 09 2019, @03:22PM (#841363) Journal

            Nitpicking (no I didn't change topics)

            In the case I cited, you can (at considerable expense) have those locks retrofitted...

            Naaahhh, the approach is to just sell a higher security higher price model with pre-fitted non-ferrous components. Brass is good enough.

            Is the lock unpickable after the modification? No. That's fallacious logic.

            Strictly speaking, yes. Just because lock picking is a term that applies to key operated locks.
            E.g. opening the code lock of safe is usually named safe cracking [wikipedia.org]

            It's a physical lock, it has somewhere in it at least one tumbler, and if you can by any means move the tumbler(s) into place you have picked it.

            Wanna bet?

            Look, I'm gonna use a simple crossbar latch mechanism embedded into the door - you'll agree that a latch is a door lock. Except I'll add a minor modification: to latch is kept into locked position by a hydraulic piston that's inaccessible to the hardened side.
            If you wanna open from inside, you just rotate a ball valve which allows the hydraulic oil to flow into a small reservoir and you can open the latch by pulling the inside lever.

            On the outside/hardened side, you have the digital pad to enter your code - if accepted, a battery operated circuit opens the valve. If not, the valve remains closed and the force you need to apply against the hydraulic pressure is higher than the break point of the outside lever of the latch.

            --
            https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
            • (Score: 2) by Arik on Thursday May 09 2019, @04:02PM

              by Arik (4543) on Thursday May 09 2019, @04:02PM (#841374) Journal
              "Naaahhh, the approach is to just sell a higher security higher price model with pre-fitted non-ferrous components. Brass is good enough."

              Both options are available, both are rare. Not only because of substantially increased cost of purchase, but also TCO. Because when you *need* the locksmith to gain access to it, his quickest and easiest way to access it is removed.

              But, that doesn't mean he won't be able to do the job. It will just take him a little longer. And if the locksmith can do it, then it's also possible for an adversary to do it.

              This is a fundamental paradox of security in all its forms. Anything perfectly secure would also be perfectly impossible to maintain. The first time there's a malfunction, forget it, you can't break in to fix it. Manufacturers aim to make money, and they balance the possibility of bad reviews and other fallout from less secure products against the increased support costs etc. that result when the idiot buyer inevitably locks himself out and demands they fix it. The latter turns out to be much more frequent and important than the former.

              "Strictly speaking, yes. Just because lock picking is a term that applies to key operated locks.
              E.g. opening the code lock of safe is usually named safe cracking [wikipedia.org]"

              I wasn't talking about safe cracking though, it's still quite possible it might be picked. Just because no one you or I are aware of at the moment doesn't mean no one has, and even in no one has, someone might later. It's the same situation as with the steel one, before the magnet trick got out and it was presumed unpickable. And yet it turns out to be one of the easiest locks ever made. Slap a $20 magnet on the side and what is effectively a single tumbler is picked in the blink of an eye. Extremely convenient for the locksmith, and for the idiot customer who's probably a lot more likely to lock himself out than to see an attempted burglary thwarted by the lock.

              Anyway, once you replace it with brass, the magnet doesn't work, but that doesn't mean it's unpickable. It just means we're waiting to see how it will be done.

              --
              If laughter is the best medicine, who are the best doctors?
    • (Score: 2) by DannyB on Thursday May 09 2019, @02:33PM

      by DannyB (5839) Subscriber Badge on Thursday May 09 2019, @02:33PM (#841334) Journal

      No it can't be picked, as there's no keyhole of any kind. It can be bypassed, but that is easier to secure relative to a keyhole.

      The best remedy for that in the true spirit of IoT is to provide a USB port.

      --
      People today are educated enough to repeat what they are taught but not to question what they are taught.