SoylentNews is people
SoylentNews
This fingerprint-verified smart lock can be foiled by a magnet:
Tapplock, a company that makes fingerprint-verified locks, has had a rough time with its locks' security. The company's flagship lock, which has been available since 2019, is apparently easy to pop open with a magnet. YouTuber LockPickingLawyer published a video last week showing how he could use a powerful magnet to turn the motor inside the Tapplock One Plus, causing it to open. The entire process takes less than 30 seconds.
The Tapplock One Plus costs $99 and features a fingerprint sensor. It also has built-in Bluetooth, so people can unlock it using an app. In response to the video, Tapplock commented: "Wow! Shout out to LPL for finding this exploit. Working on a fix with magnetic shielding, will be back."
This is a commendable reply, although it doesn't do much for people who already bought the lock. Most companies ignore bug reports or fail to fix the flaw. It at least seems like Tapplock wants to figure out how to prevent this kind of attack.
(Score: 4, Touché) by sjames on Monday April 06 2020, @08:22AM (8 children)
This is one of those times you really need to read (watch) all of the background material. The lock has a motor inside that unlocks it in response to a fingerprint or bluetooth. LPL used a strong magnet to rotate the motor shaft inside the lock to move it to the unlocked position. You can't make that out of non-magnetic material.
So shielding it is.
(Score: 2) by Runaway1956 on Monday April 06 2020, @08:48AM
LOL - now I do feel dumb. I read it, did something else, came back, looked again, and focused on "magnetic shielding", forgetting all about the motor. Yeah, if you can run the motor, however slowly, using remote means, then you control the lock.
Abortion is the number one killed of children in the United States.
(Score: 3, Insightful) by Bot on Monday April 06 2020, @11:46AM (6 children)
Why don't you use the strength of the attacker against him? Instead of shielding have an element subsceptible to magnets between the motor and the lock. If you get a magnet nearby the element displaces itself and blocks the mechanism.
Account abandoned.
(Score: 2) by Bot on Monday April 06 2020, @11:48AM (4 children)
It needs to be as simple as a spring attached metal pin which blocks the rotation of the motor.
Account abandoned.
(Score: 2) by RS3 on Monday April 06 2020, @02:02PM (3 children)
That might be a brilliant idea. It needs testing.
Your idea (maybe Tapplock would pay you?) plus some "mu-metal" https://en.wikipedia.org/wiki/Mu-metal [wikipedia.org] shielding around the motor might fix the problem.
Of course a bolt cutter or cutoff wheel won't care...
(Score: 2) by DannyB on Monday April 06 2020, @04:48PM (2 children)
Tapplock seems to do testing after the product ships.
Maybe the assumption is they can fix it with a software update.
The device driver team has been tasked to create a patch that makes changing the lightbulb unnecessary.
Young people won't believe you if you say you used to get Netflix by US Postal Mail.
(Score: 2) by RS3 on Monday April 06 2020, @06:51PM
Long ago we all became beta testers for everything. 'nuff said.
(Score: 3, Interesting) by RS3 on Tuesday April 07 2020, @12:34AM
You gave me another idea. Not sure how the hardware is designed, but if they put sensing on the motor leads, they could sense external magnetic influences, and intentionally drive the motor a little- enough to keep it locked.
They could also do a coil or a Hall-effect sensor and again, drive the motor toward locked when external magnetic fields come around.
(Score: 2) by EETech1 on Tuesday April 07 2020, @05:12AM
Just make the lock body out of steel.
Then you will be afraid of holding that huge magnet anywhere near it, and you certainly wouldn't be able to swipe it over the lock like he does in the video.
For reference, here's a 2 inch diameter, 2 inch thick magnet, and it has a pull force of 377.6 pounds.
https://www.kjmagnetics.com/proddetail.asp?prod=DY0Y0-N52 [kjmagnetics.com]
There's lots of good info on that site too!
https://www.kjmagnetics.com/blog.asp [kjmagnetics.com]