SoylentNews is people
SoylentNews
This fingerprint-verified smart lock can be foiled by a magnet:
Tapplock, a company that makes fingerprint-verified locks, has had a rough time with its locks' security. The company's flagship lock, which has been available since 2019, is apparently easy to pop open with a magnet. YouTuber LockPickingLawyer published a video last week showing how he could use a powerful magnet to turn the motor inside the Tapplock One Plus, causing it to open. The entire process takes less than 30 seconds.
The Tapplock One Plus costs $99 and features a fingerprint sensor. It also has built-in Bluetooth, so people can unlock it using an app. In response to the video, Tapplock commented: "Wow! Shout out to LPL for finding this exploit. Working on a fix with magnetic shielding, will be back."
This is a commendable reply, although it doesn't do much for people who already bought the lock. Most companies ignore bug reports or fail to fix the flaw. It at least seems like Tapplock wants to figure out how to prevent this kind of attack.
(Score: 1, Offtopic) by Runaway1956 on Monday April 06 2020, @08:11AM (15 children)
There is a huge variety of materials that are inherently protected from manipulation by magnets. Wood and paper won't work here, but there is plastic, aluminum, stainless steel, and so much more.
It is likely that, the lock itself doesn't need to be altered - just make the tumblers and pins from titanium or some such. The material chosen dictates the durability of the lock - cheap aluminum will wear out relatively quickly, titanium will last quite a long while, stainless will last even longer.
Abortion is the number one killed of children in the United States.
(Score: 4, Touché) by sjames on Monday April 06 2020, @08:22AM (8 children)
This is one of those times you really need to read (watch) all of the background material. The lock has a motor inside that unlocks it in response to a fingerprint or bluetooth. LPL used a strong magnet to rotate the motor shaft inside the lock to move it to the unlocked position. You can't make that out of non-magnetic material.
So shielding it is.
(Score: 2) by Runaway1956 on Monday April 06 2020, @08:48AM
LOL - now I do feel dumb. I read it, did something else, came back, looked again, and focused on "magnetic shielding", forgetting all about the motor. Yeah, if you can run the motor, however slowly, using remote means, then you control the lock.
Abortion is the number one killed of children in the United States.
(Score: 3, Insightful) by Bot on Monday April 06 2020, @11:46AM (6 children)
Why don't you use the strength of the attacker against him? Instead of shielding have an element subsceptible to magnets between the motor and the lock. If you get a magnet nearby the element displaces itself and blocks the mechanism.
Account abandoned.
(Score: 2) by Bot on Monday April 06 2020, @11:48AM (4 children)
It needs to be as simple as a spring attached metal pin which blocks the rotation of the motor.
Account abandoned.
(Score: 2) by RS3 on Monday April 06 2020, @02:02PM (3 children)
That might be a brilliant idea. It needs testing.
Your idea (maybe Tapplock would pay you?) plus some "mu-metal" https://en.wikipedia.org/wiki/Mu-metal [wikipedia.org] shielding around the motor might fix the problem.
Of course a bolt cutter or cutoff wheel won't care...
(Score: 2) by DannyB on Monday April 06 2020, @04:48PM (2 children)
Tapplock seems to do testing after the product ships.
Maybe the assumption is they can fix it with a software update.
The device driver team has been tasked to create a patch that makes changing the lightbulb unnecessary.
Young people won't believe you if you say you used to get Netflix by US Postal Mail.
(Score: 2) by RS3 on Monday April 06 2020, @06:51PM
Long ago we all became beta testers for everything. 'nuff said.
(Score: 3, Interesting) by RS3 on Tuesday April 07 2020, @12:34AM
You gave me another idea. Not sure how the hardware is designed, but if they put sensing on the motor leads, they could sense external magnetic influences, and intentionally drive the motor a little- enough to keep it locked.
They could also do a coil or a Hall-effect sensor and again, drive the motor toward locked when external magnetic fields come around.
(Score: 2) by EETech1 on Tuesday April 07 2020, @05:12AM
Just make the lock body out of steel.
Then you will be afraid of holding that huge magnet anywhere near it, and you certainly wouldn't be able to swipe it over the lock like he does in the video.
For reference, here's a 2 inch diameter, 2 inch thick magnet, and it has a pull force of 377.6 pounds.
https://www.kjmagnetics.com/proddetail.asp?prod=DY0Y0-N52 [kjmagnetics.com]
There's lots of good info on that site too!
https://www.kjmagnetics.com/blog.asp [kjmagnetics.com]
(Score: 2) by maxwell demon on Monday April 06 2020, @08:27AM (5 children)
But motors use magnetic fields to work. And the summary explicitly mentions that the magnet turned the motor.
Replacing the magnets in the motor by non-magnetic materials would render that motor non-functioning.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 3, Touché) by driverless on Monday April 06 2020, @09:42AM (2 children)
So it'd make the lock very, very secure. I don't see the problem, you just need to climb in the window instead.
(Score: 2) by maxwell demon on Monday April 06 2020, @12:01PM (1 child)
That's not the problem of the lock maker.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by driverless on Monday April 06 2020, @12:15PM
It would even pass a BS 7799 security audit because the window is outside the security perimeter and thus not an auditable object.
(Score: 2) by RS3 on Monday April 06 2020, @02:22PM
You probably know most of this, but for everyone reading:
Seeing this last evening, my first thought was to make a motor with no iron pole pieces in the armature/rotor. The rotor is the thing that turns in a motor, and in this case drives the mechanism which unlocks the lock's shackle.
Most small DC motors have an electromagnetic rotor, with "brushes" to get the electric current into the rotor's wire coils, and permanent-magnet stator, aka field.
The rotor's iron (steel) pole pieces, around which the wire coils are wrapped, are attracted to the force of the external magnet that LPL used to pick the lock.
Iron is used for pole pieces because it greatly improves magnetic efficiency and motor torque (output force), but it's not necessary. You could make the rotor out of plastic, with copper wire coils, and the plastic would not be attracted to the external lock-picker's magnets. The motor would be weaker, but it might still be good enough in this case.
(Score: 2) by RS3 on Monday April 06 2020, @06:55PM
I politely disagree. Please see my post lower in this discussion. Basically you can make a motor with just copper coils- no need for iron/steel. My idea is to replace the rotor steel with plastic (or anything physically strong but non-magnetic). Stator (field) can be permanent magnets.