Hacker News
Drilling open a smart door lock in 4 seconds (pentestpartners.com)
263 points by RicCo386 on Sept 25, 2019 | 141 comments



Slightly related to this, the Lock Picking Lawyer on YouTube has a number of videos where he tries a Ramset gun [1] against different padlocks. For example:

https://youtu.be/Wimo09WV-rY

This was interesting as it was an attack that certainly would not have crossed my mind. Would be interesting to see how other types of locks would do against this kind of tool.

[1] https://www.homedepot.com/p/Ramset-MasterShot-0-22-Caliber-P...


His most unusual attack may have been using Gallium to break the aluminum body of a lock:

https://www.youtube.com/watch?v=jeghGhVdt9s


His magnetic attack[1] on a common commercial lock that's no longer in use was entertaining too.

[1] https://www.youtube.com/watch?v=cCay5ek_cW0


What? No longer in use? Those things are still widely in use in many mid century and older education and healthcare buildings around NYC.


I assume this specific model is no longer in use. Sorry, I should've been more clear.

From his comments, I don't believe the vulnerable ones are still out there. But, maybe they are.


He mentions the mech was changed in 2011, mentions there’s a probably little used retrofit and at the end of the video he comments that there are likely many compromised ones still out there.

Which is pretty expected if you've seen how buildings are maintained in general. I haven’t encountered a lock that doesn’t have this vulnerability in any 20th century post-war NYC building.


The lock is still in use but the vulnerability has been fixed in newer models and older models can be fixed by a part kit.


Oh, interesting. I thought most of them had been replaced with the newer versions. I didn't know about the replacement kit. Now that you mention it, I guess LPL might've said something about it in his video (which I didn't re-watch, oops!).

Thanks! Very informative!


Yes they are still around!


Thanks for an LPL reference!

Speaking of "smartlocks": here’s one that doesn’t even need a drill: https://www.youtube.com/watch?v=WeCGTosv-_c

Edit: and another one https://www.youtube.com/watch?v=mGpMaShltbc


That looked like a pretty heavy duty lock, but as a kid I learned that a hammer or smashing a lock against the ground works most of the time.

In something like a shipping container the actual lock is shielded away from these types of attacks by the container itself.


Yes, but according to LockpickingLawyer they are still vulnerable to prybar-leverage attacks.


I have to tip my hat to LockpickingLawyer for introducing me to hydraulic bolt cutters. The perfect solution to the noisy angle grinder.


Interesting - I do wonder how well that attack would work in a normal use setting where it could become much harder to brace the lock against something.


He's got a couple of videos using it in different ways and it doesn't look like it would be too difficult to brace a lock in some way to use it, like using the tension in the chain or hasp it hangs from. But you're right, in some circumstances it probably would work. Seems dangerous though, both in debris flying off and even more so since it looks like a gun.


"since it looks like a gun"

There are models that don't.

https://www.homedepot.com/p/Ramset-HammerShot-0-22-Caliber-S...


It basically is a gun though

"this technology relies on a controlled explosion created by a small chemical propellant charge, similar to the process that discharges a firearm"

https://en.m.wikipedia.org/wiki/Powder-actuated_tool


I suspect you can find a way to brace them in many circumstances, some of the common bicycle theft techniques are pretty constrained. The down side of this method for a thief is that they look very much like a handgun for obvious reasons. That ups the chance that a quick theft escalates to gunfire if you're interrupted by the police, armed security, or an armed home owner or bystander. Cops are a lot more likely to shoot you if they think they saw a gun.


I don't see the point though. Isn't this precisely what bolt cutters are to be used for?


403


The video is a compelling demonstration of a design flaw, but I am always skeptical of lock opening displays that do not occur in a real-world application of the lock.

Yeah, you ramsetted a lock. In a vise. Can you do that if it is dangling from a chain between two gate halves? Or would you bring out a bench and vise to your target?

Ok, you picked a lock. In a vise. Is it easily pickable while hanging from a hasp, with a door behind it?

Ok, you drilled open a smart lock. Is the drill able to be positioned in such a manner when the lock is installed on a door?

It doesn't look like it.

After drilling, you need to insert a screwdriver and manipulate a latch.

Is drilling/manipulating faster/slower/easier/more difficult than picking, raking, ramsetting, grinding, kicking, or prying?

I like clever, but clever isn't always practical.


> Can you do that if it is dangling from a chain between two gate halves? Or would you bring out a bench and vise to your target?

I would just mount a clamp to the front of the Ramset gun.

> Is the drill able to be positioned in such a manner when the lock is installed on a door? It doesn't look like it.

It really looks like it to me, you need to drill the front of the door.


I was particularly looking for such (in fact these) questions while going backwards through the article again, and I must say:

I don't think you have a point here. All of these steps can be easily done while the lock is on the door. There are plenty of tools available to drill holes this way.

Nobody said it is "faster/slower/easier/more difficult" than existing attacks. It is a valid attack, it is quick and it makes almost no noise and worse: It isn't even obvious (you need to actively search for a tiny hole, otherwise you're just assuming all is OK)


> Ok, you drilled open a smart lock. Is the drill able to be positioned in such a manner when the lock is installed on a door?

He drilled it from the front; the face is off in the picture where he's opening the latch with the screwdriver to better show where the mechanism is.


He drilled it from the side. The preview picture from the video clearly shows the entire mechanism sideways on the table.


Exactly. This has an added bonus of making it a permanent backdoor. You drill once and put a black sticker on it, nobody will notice. Is there even a sensor in the lock to log being manually opened?


Easier way to open a smart door lock in 3 seconds...use a hooligan tool [1]. For $150 USD a SWAT team (or someone who practices for a few hours) can be in your room in no time.

[1] https://en.wikipedia.org/wiki/Halligan_bar


Sure but that entry is then really a lot more obvious. The kind of small hole they propose to drill here might not get noticed by a security guard doing the rounds, and would offer the ability for repeated near-covert entry.


Yes. The truth is most (and I mean nearly all) residential door frames snap like a match stick with a hooligan tool.

In a previous life I kicked in doors for a living. I don’t give a fuck how cool your dead bolt is. I could be in your face before you were out of bed.

If you want to keep out lazy thieves any lock will do. If you’re preventing against a dynamic entry you need trip wires, man traps, metal door frames, and a 12ga shotgun.


This isn't true - modern standard domestic polycarbonate and metal composite doors and frames with locks that engage all the way up are a real problem for the police as they're extremely hard to get through even with repeated blows from a battering ram. There is absolutely no chance whatsoever that you can kick in a modern door. You will break your leg first.


Do people have doors like that? Mine looks like a bog standard wooden door. Even the fanciest condo I lived in had a massive heavy fire door with hella heft but it didn't look metal.


You have to explicitly want to spend money on that type of door. Looking at random model houses in the US, I have yet to see anything that comes with that type of door. Most apartments don't generally have high security doors either (landlords don't care, it's not their stuff that gets stolen). Most front doors where I live can be punctured by leaning on them in the wrong way, and may as well be cardboard.


I've not yet encountered those. I didn't know they were popular either. Very interesting.


Metal door frames here. No comment on the others.


I broke a window with a pebble when I was a kid. Most people have windows. Something like an extra sticky vinyl sticker takes care of the noise problem.


That wouldn't work on a double glazed window.


You mean laminated glass?


No they mean double glazed. Two layers of glass with a thin layer of air sandwiched between them.

Windows are built like this in countries where the outside air temperature is far different than you'd want, as otherwise you spend a lot of money heating or cooling your windows, because glass is a poor insulator. But _air_ is a relatively good insulator considering it's transparent, the two sheets of glass stop the air from moving (and taking the heat with it).

If you smack a double glazed window, you are now trying to compress the thin layer of air, which is difficult. So in most cases the window will stubbornly not break. You could probably still smash it with a pry bar or similar tool, eventually but it won't be easy.

People have the idea from watching too many movies that breaking glass is very easy, in movies they are using sugar glass, it's _designed_ to smash easily and turn into impressive looking but not dangerous tiny pieces. In reality the glass mostly doesn't break, and so you hit it again, harder and eventually some of it smashes and you've got big shards of razor sharp glass, which you'd better clear away or you'll hurt yourself.

It's not magic impregnable nonsense, it's just inconvenient and dangerous to break.


Precisely. You can't break a double glazed window by throwing a rock at it.


It’s still a trivial entrance point compared to a door.


Cool, I didn't know that about double glazing being strong.

Here in Sweden most houses have triple glazed windows.


Why is everyone calling this "hooligan" instead of "Halligan" tool?


Looks like it was originally named for the creator (Halligan) but I'm guessing some people made the mistake of calling it hooligan and there wasn't enough pressure to correct them.


This is probably the sole reason I went with an August (don't buy their doorbell, BTW), which effectively slips over the existing deadbolt knob. Now I just have to worry about August's BT/software/network stacks, but I don't have to wonder about how good the lock is. With something like the lock in the article, I have to worry about the tech side and how much effort they put into the lock. I almost wonder if, like so many tech "innovations" today, they didn't just wrap some tech around an unvetted lock mechanism they found on Alibaba and called it a day when the software worked.


Isn't the point of a lock just to keep honest people honest? I mean you can buy the world's sturdiest, more secure lock and attach it to the world's strongest door, someone with a hammer can easily break a window.

If someone is determined and willing, there really is nothing you can do to stop them from breaking into your house.


> Isn't the point of a lock just to keep honest people honest?

No. Honest people don't need to be "kept honest".

Locks have the same purpose as other security systems (including electronic ones like crypto, etc.).

They aren't intended to (and can't) keep a determined attacker out. What they do is increase the cost (in terms of time, effort, risk, etc.) of gaining access. The point is -- as far as possible -- to make the cost of gaining access exceed the benefit that would be gained by that access.


Honest people do need to be kept honest. Even the most saintly can be tempted.

If you found a twenty on the floor in an abandoned alleyway, would you hand it in to police, or would you steal that money?

If your first thought was "It's not stealing for such a small amount", or "It's clearly been abandoned, so it's ok to take it", then you're the target audience for being kept honest.

Your other point is spot on: the aim is to increase the friction of entry and raise a mental barrier in the mind of the subject which results in an outcome you would prefer (no break-in).


>If your first thought was "It's not stealing for such a small amount"

Well, actually... where I live, it would not be stealing for such a small amount, given that you don't know who lost it, and it was found in an abandoned alleyway (and not say, an office, store or station etc. where it could be handed over to local personnel). Had you said fifty, the situation would've been different.</nitpick>


Agreed. The amount is right on the edge of legality. Should you report it? Should you make an effort to find someone to hand it to? If the first shopkeeper around the corner says "Could be anyone's. Keep it" for a fifty, does that constitute a reasonable search for the owner?


Essentially everyone has stolen at some point in their lives, and almost everyone has gone into private property they theoretically shouldn't have gone into.

My door has a lock, but most adults could get in by kicking it a few times with determination. That's true of most locks in existence. They're there to stop people who don't actually want to cause any real damage.


> Essentially everyone has stolen at some point in their lives

Isn't this a fairly wild claim? I've never stolen anything and can't imagine doing so. That's a pretty dismal view of the human race isn't it.


I don’t think they’re suggesting that everyone on earth has purposefully become a thief at one point, but that sometimes it just happens.

I’ve definitely walked out of a supermarket with a bottle of water that I picked up while shopping and forgot to pay for - I still stole it, even if unintentionally.


How often do you unintentionally walk into someone’s unlocked house and steal something, though?


In the Canadian North, it's traditional to leave your summer cabin unlocked over the winter so that if someone is lost in the woods they can come in and warm up. It wasn't unusual to come back to find that someone had used it over the winter.


I've unintentionally stolen dozens of lighters from the houses I've visited while I was a smoker.


That's... not what the parent upthread said, though.


> I’ve definitely walked out of a supermarket with a bottle of water that I picked up while shopping and forgot to pay for - I still stole it, even if unintentionally.

You only steal it if you realize it and don't return back to pay. Happened with me a few times, the cashiers will really appreciate it.


Does that also apply when the cashier gives you too much/not enough return cash?

A while ago my to-go order from McD somehow included an extra cheeseburger.

Was that maybe a "present" by the company to a loyal customer? Should I have gone back and paid for a cheeseburger I never ordered? But if I give it back to them, they would just throw it in the trash anyway because they can't sell it to another customer.


I did this with an entire rucksack full of groceries once when I was tired and used the self-checkout. When I came back the cashiers expressed surprise that I even did!


You complained about the theft claim, but not the trespassing claim, so it seems I still need that lock to keep you from wandering in.

You probably have stolen something, even if it's just a failure to return a book you borrowed from someone, or office supplies that wandered off with you (pens vanish like you wouldn't believe).


Digitally, I'd say yes (depending on your viewpoints of IP.) Physically, no.


Ikea pencils?


Stealing a pen at the supermarket or entering the neighborhood's garden qualify as being a kid doing stupid stuff.

Breaking into someone else's house with the intent of stealing is something completely different.


[flagged]


Eh? Inward opening doors are common everywhere I've been. US, Britain, Norway, Germany, etc. For apartment buildings, the outer door might be outward opening, but after that everything is inward opening.


Good luck escaping a fire if your outward opening door is blocked by falling debris.

An extreme example for sure, but there are pros and cons.

(Sliding door might not be the answer either: https://www.buzzfeednews.com/article/katienotopoulos/brave-t... )


Inward opening doors are also less safe when a bunch of people have to escape quickly.


Afaik outwards opening doors are more of an Asian thing, in Eastern Europe, it's a bit mixed but in most of Western Europe it's pretty much all inward opening.


Which is why most fire codes don’t allow them on buildings with a bunch of people in them.


Maybe if you live in Baltimore or Detroit but in most of the US people really need a good reason to do that kind of thing.

In college I had a friend who didn't even bother locking his door and always left his keys in his car and it was never a problem.


The second half of your post is survivor bias.

The first part of your post is pure hyperbole. There are plenty of places less crime ridden than Baltimore or Detroit where you absolutely have to lock your things or they are likely to get stolen. Pretty much any urban area in the US. Most suburbs as well if you park on the street. Kids will go down and just try doors. They have no intent of picking anything or forcible entry, just snatching the low hanging fruit.

I have lived in northwestern Nebraska so I get it, there are places where you don’t have to ever lock your door.. that is the exception.

To counter your friend: I lived in one of the lowest crime rate suburbs in the US. Stupidly left my door unlocked in an apartment parking lot overnight.. everything of value was cleaned out in the morning.


This is not even a US specific issue. Vancouver, BC has a serious problem with (heroin, meth, cocaine) addicts and property crime. Theft from vehicles and from vehicles in supposedly "secure" underground parking garages is epidemic. No bicycle worth more than 50 dollars is safe locked in public, no matter what kind of lock it has on it.


-Anecdotal, but indicates there's a certain honour among thieves - if you volunteer to visit inmates in Norwegian prisons, you get a parking pass to keep prison staff from having your car towed or bike removed while you're visiting.

An inmate advised me that I should just leave that pass on the windshield at all times - as it would be more effective against theft than any immobiliser.

I did leave it in place, and a few months later, just about every car parked curbside down my street had had its stereo and valuables snatched - except mine.

Now, obviously, this may have been a result of my stereo being pretty basic, though of recent manufacture from a renowned brand - but I like to think it was because of the visitor's service pass.


Vancouver is probably even worse. Not only is crime rampant, out of misguided compassion for drug users they have for all intents and purposes decriminalized petty crime in a sizable section (DTES) of the city. Police will quite literally not even arrest repeat "frequent flyers" even when seen prying into buildings and security gates.


I live in a very low crime area, yet even in my sleepy neighborhood (semi rural), we had a break-in a couple years before buying our house. It turned out to be a couple of teenagers that wanted some quick cash (probably for drugs). That was the only break-in for years, and there hasn't been one for the several years I've lived in my house, so you never know when someone will try to steal something.

That being said, a lock has to be just good enough to deter theft. In my area, that means a simple door lock for houses and a U-lock for bicycles. In other areas, you need far more security. But the goal isn't to keep out a determined attacker, but to make it more worthwhile for the thief to move on to the next house/car/bike than to try to get past your lock.


It still isn't clear to me that at this level that locking your door is a win.

If they break in you still have to pay to repair the damage and the things they've taken.

I'm fairly certain, if someone broke into my house, the biggest bill would be repairs, not replacements.


Your household insurance might well refuse to pay out if there isn't evidence of forced entry. That's a fairly sizeable variation in the cost of being broken into ...


Maybe, I probably wouldn't try to claim on the insurance though. My most expensive to replace thing is probably my cd collection, which as far as I'm aware thieves don't go for, my tv is small cheap and unbranded, my laptop is ancient and the battery is knackered. I suspect the most fence-able possession I've got is a Kitchenaid mixer.

The only reason I even have contents insurance is because it comes with the buildings insurance.


Ironically, perhaps, the case I was thinking of when I wrote the comment was my friend's insurance refusing to pay out on his CD collection being stolen because there was no sign of forced entry (he'd left the patio doors unlocked).

This was a number of years ago though, whether thieves still take CDs is an interesting question.


This is from 2012, no doubt the trend has continued

https://www.economist.com/britain/2012/01/07/not-worth-nicki...


It seems likely. It was _quite some time ago_.


Pretty much every suburban area has a decent amount of home burglary. Sure, rural areas not so much. But take a look at the stats at the bottom of this page and you'll see lots more than Baltimore and Detroit: https://www.worldatlas.com/articles/the-most-burglaries-in-t...


> Pretty much every suburban area has a decent amount of home burglary. Sure, rural areas not so much.

But more than you'd think. Criminals are aware that they can often be in a different state before the police arrive at a rural crime scene, reducing the chance of getting caught.


Take a look at some of the European armoured doors, especially those in Italy. The door and frame come as a single piece, where the frame is made from hardened steel. I assume the door is too, but they are covered in some sort of veneer.

There is a basic cylinder lock which needs a 90 degree turn from the key outside, or the knob inside. Then there is the deadbolt mechanism which needs to be turned five or so times, and drives 1/2" steel bolts deep into the frame.

http://is.alicdn.com/img/pb/172/617/299/299617172_794.jpg

(Something like "normal", but this is a cheap Chinese knock off)

A few years ago a neighbour called the police because their son had locked himself in the apartment and they thought he was a suicide risk. They brought in the fire department to break in, but rather than cutting through the door, it was easier for them to cut through the masonry wall. Windows here are typically just as secure with triple glazing and multi-point locking as standard, and this was the third floor.


> cut through the masonry wall

Some emergency services use a hydraulic device [1] to open steel doors.

[1] https://www.youtube.com/watch?v=NjluIosPWiA


>If someone is determined and willing, there really is nothing you can do to stop them from breaking into your house.

Yes and no. If someone desperately wants to rob you, and precisely you, then yeah they will most likely be able to break in. However that doesn't mean we should make it easy for them. The longer it takes to bypass my lock and security, the more noise they make, the more destruction they leave behind the more likely it is that someone will notice them and call the cops. The more likely it is that they leave something behind that can be used to trace them, etc.

The bigger reason to get quality locks is that criminals often target places with weak security, because hitting those locations is easy. A burglar for example will usually case out a location they're targeting to figure out what they need to bring for the actual burglary. Now if I have SuperArmorMax extra secure lock that takes the burglar an hour to bypass with power tools, but my neighbor has an aluminum smartlock that can be bypassed in 5 seconds with a regular drill, which do you think the burglar will target?

Sure they could also break windows, or try other more destructive entry methods, but those are much louder and rouse more suspicions from other people. You want to be quick and minimize the time you spend doing something shady.

And again, you shouldn't make things easy just because a determined attacker can get through it, at least make them work for it.


A primary point of a lock is to keep people from acting impulsively. Consider these scenarios, ordered by decreasing likelihood of "yes, you would peek your head in" — or "yes, you would slip in and steal something":

If your neighbor leaves their door open, do you peek your head in out of curiosity?

If your neighbor leaves their door unlocked, do you open the door and peek your head in out of curiosity?

If your neighbor locks their door with a combination of 1234, do you open the combination lock, open the door, and peek your head in out of curiosity?

If your neighbor locks their door with a radio-frequency lock, do you install an app to capture their lock signal and replay it later, open the door, and peek your head in out of curiosity?

None of these protect against a determined attacker, but they absolutely do protect against impulsive "low risk, high opportunity" actions.


If the door is open and that is an unusual occurrence, sure, I would knock on the door frame and call out to make sure they are alright / didn't forget to close the door, etc. For every other situation, no, I wouldn't.


Yes, thankfully, closed doors are enough for most people to curb their curiosity :)


I'm just not all that curious, to be honest. It doesn't need to be curbed, I don't care what you have in your house. Is this really a motivation that other people feel?


Yes. Not as many, but a few!


You can always break in somewhere given time and tools. But like the old saying goes, you don't need to overrun the tiger, you need to overrun the other guy.

If a robber has to choose between a locked door and an unlocked door, they will choose the unlocked one. I used to live in an apartment with a door that was so bad that the previous tenant had to add a second lock just to keep it closed, but one day a burglar came and robbed my neighbor. Discussing about why they chose his rather than mine he noticed "from the outside, it looks like you have hardened your door with a second lock".

And yes, you can break windows (if you have easily accessible windows) but a broken window is a much clearer sign of something going wrong than an opened door.


>Isn't the point of a lock just to keep honest people honest? I mean you can buy the world's sturdiest, more secure lock and attach it to the world's strongest door, someone with a hammer can easily break a window.

In my home, the locks and windows (laminated glass[0]) are hard enough to break that when you attempt to do so I have time to ready my firearm. Something like this would potentially allow someone to sneak up more quickly and perhaps undetected. When my family isn't home I don't really care if you break into my house, insurance will cover the loss.

[0]https://www.youtube.com/watch?v=Z2HxWn6eP74


Out of curiosity, do you have a normal door lock on your door; one that uses the kind of key you can get a copy made of at home depot? If so, pretty much anyone can open it with a bump key and a couple seconds.

You can see it in action here (https://www.youtube.com/watch?v=w0CIlwSxsvU). His first try takes a bit longer than it should because he's turning too hard (simple mistake). Every attempt after that takes just a couple seconds.


I've got abloy protec 2's on all exterior doors in addition to door chains I use at night.

https://securitysnobs.com/Abloy-Protec2-Single-Cylinder-w-Lo...


Thanks for the link. That's a nice looking lock. Clearly removes the possibility of all the well known lock issues.


> If so, pretty much anyone can open it with a bump key and a couple seconds.

This guy claims that he was unable to bump Kwikset locks: https://www.frontrangelocksmith.com/blog/the-best-lock-for-y...


My pet peeve is smart dead bolts. Presumably if you have a dead bolt you are worried enough about security to pay for a lock that's stronger and harder to subvert than a normal door knob lock. After all using 2 keys/locks is a hassle every time you open the door. Presumably because you don't want anyone with a shim/credit card to just pop your latch.

Most would expect a dead bolt to survive a 5 second attack from a 10 year old without specialized tools.

It's sadly common to see a $150 "smart" dead bolt with dramatically less physical security than a $25 dumb dead bolt. Some have plastic cases, easily popped off. Others have plastic gears, easily over torqued. If a kid with a screwdriver can just insert the screwdriver into the keyhole and rotate and open the door you might as well not have a dead bolt.


I (and I assumed everyone with a dead bolt) only ever lock the dead bolt.

What's the point of locking the door handle if there is a dead bolt?


When someone is trying to break into a house, they might have to do it fast, so that they don't get noticed. If they need to pick two locks instead of one, it's costing them twice the time, so by locking the handle in addition to the deadbolt, you're increasing your security by making your door a bit more of a pain for someone to break into.


Who picks a lock to break in? Common thieves have no need to pick locks.. totally dumb for a couple reasons.

Contrary to popular nerd belief... door locks in the US are not that easy to pick. Many have anti pick features like reverse sidebars that while not impenetrable increase time or skill required. While the lockpickinglawyer has videos, note that he is extremely skilled with tons of practice, it still can take more time than breaking, and those aren’t field conditions. Just break the door in... stealing might as well use forcible entry.

Where picking is useful is covert spying, and if that is your threat model the addition of the second or third lock doesn’t really mean much.


I don't know about these videos but when I called my neighborhood locksmith to deal with a lock I'd misplaced the key to, it took about 20s to pick... It would seem to make sense to me if you were trying not to call attention


I mean, it’s there; you might as well.


Deadbolt only guy here too.


Yup; I think an important aspect to look out for with locks is whether or not you have to damage / destroy them to get in, because if they do then you have evidence of a break-in meaning the insurance company will pay out. If you have a burglary (for example) done by shims or lockpicks they can claim fraud / no evidence of a break-in and not pay out.

I'd even go as far to say that for burglars it's important to leave traces of a break-in so that the victim can claim insurance.


There are doors... and there are doors

https://youtu.be/ET9SNXpeORY


Of the places I've lived, the back window has been kicked in, the rooftop door has been unlocked, windows pried, and previous roommates broke into others' rooms to steal stuff.


After a break-in I had the most disheartening conversation with the Police :

- put an alarm : they're either too fast to care or they deactivate it

- get a dog : they poison it

- bullet proof door + security lock : they break the wall

etc


No, because then we would all be using wafer locks on our front doors. There’s a balance between strength and price here.


It keeps those who are in between. Some people would steal if it's easy but not if it's hard.


Security is usually a lemon market. The buyer can't really tell if it's secure or not, depressing what people are willing to pay, which makes it bad business to invest in making a secure product.

It's rather difficult to find electronic locks, even for safes, that aren't obviously less secure than traditional options.

Which is pretty sad considering that an electronic lock could be substantially more secure if it was designed well.

The stuff that is reasonably secure, like Kaba Mas products, is quite expensive because it's catering to a market that simply isn't buying on price.


With the Internet and YouTube I don’t think it’s as much of a lemon market as it once was. The information is out there, pretty accessible actually. For example it’s not hard to find that Master and Kwikset might not be the highest security compared to other options. The problem isn’t that the information is hard to find, it’s just that most people aren’t willing to spend more for higher security (could be a few hundred dollars more once you multiply it by a few doors) and it’s easy to convince yourself cheap locks are “good enough” - after all, someone could break a window, kick in the door, etc.


Just because information is out there and accessible doesn’t mean it has much mainstream penetration. Locks are a very niche hobby. Most of my friends and family don’t know shit about locks any more than 30 years ago even though the technology is clearly documented and explained on YouTube.

YouTube has made pretty much everything widely accessible. Doesn’t necessarily change the market.


https://iloq.com has well designed self-powered digital and secure locks. You can just replace the lock, no electrical wiring or batteries needed.


This is so terrible. There is an enterprise market for mature electronic locking systems, as they are used in virtually any modern office building. And then there is the (affordable) consumer market, and most stuff even looks crappy.

I really would invest 500€ for a small (3 outdoor locks) system, but there is virtually no product which I can trust in.


I avoid everything branded as smart: locks, TV, watch, etc. I am not sure why people think it is a viable way forward with the technologies we currently use.


Turns out power tools work well on non-Turing complete locks too.

The interesting part of the threat model for smart locks are cases where a physical attacker is _not_ present.


The article points out that the lock casing is made of aluminum rather than steel (presumably for aesthetic reasons), which is trivially easy to drill through. A steel casing would take a lot longer and make a lot more noise.

The point is that people in the market for smart locks need to additionally vet the company that makes them for their proficiency in physical security, not just in software security. A competent company that has made non-smart locks for a while would not make this same mistake.


It does, and the physical lock makers know about this threat. My lock has a freely rotating piece of metal that covers the keyhole - you cannot drill through it without first preventing it from rotating.

More advanced locks jam when drilled through. There are also materials that emit lots of smoke when drilled through, mostly used in safes.


Eh, I'd design an electronic lock that is operated with a phone app. There'd be nothing visible of it on the surface of the door. There'd be no way to tell what the make/model of the lock was. There'd be a flange the full length of the door so you couldn't even tell where the bolt was.


What if your phone ran out of power though?


You could have a magnetic switch somewhere that you could tap SOS on with a magnet or something. Or just knock on the door with a certain pattern. Or speak "Open the pod bay doors, Hal" into a pinhole mike. I'm sure you could think of many methods.


And when your house has no power?


Battery backups, of course.

There will always be failure modes. I mean, the failure mode for a traditional lock is "I lost my keys". Unless you have someone else with a spare set who can get to your location in a time you deem reasonable, you're going to have to have the door forced.


I once had a storage unit, and lost the key to the padlock. The manager said "no problem", and we went out to the unit. The manager pulled out a battery operated angle grinder, and cut the lock off in about 5 seconds.

You're going to need a bank vault to beat an angle grinder. Those tools are the shiznit.


> You're going to need a bank vault to beat an angle grinder.

To beat? Agreed.

With that being said, grinding through a circular padlock takes much, much longer. I'd suggest using one of those for a storage unit.


"How do you know where to drill it? The lock has the manufacturers logo on the front face – drill the side of the lock in line with the top of the logo. How helpful!"

In that case easy, move the logo elsewhere.


Security by obfuscation, anyone?

He's being flippant. If the logo wasn't there, it would just be a case of measuring N cm to know where to drill.


If you look at the internals of the lock then the tolerance where to drill, and still be able to leverage it open, seems to be pretty big.

As such, they could remove the whole logo and it would still be rather easy to approximate where to drill, it's not like measuring dimensions is impossible without a manufacturer logo.


As pointed out above, it was a joke about security through obscurity and a worried thought that some manager might actually think of that as a solution. I was hoping that was obvious enough to not require a "/s" at the end.


Why even put the lock on the outside? All smart locks I've encountered just communicate wirelessly with a smart lock inside. Physical keys are used as a backup.


I like keypads. On a rental you can change them when tenants change. At home you can go out with keys or phone. Though it stands to reason you could put a keypad outside and run a wire inside, or use wireless though personally I'm glad my keypad lock isn't smart or wireless.


Keypads are good, especially for higher end rentals. Another lower tech (and probably more secure TBH) option is small format interchangeable core (SFIC) locks where the core can easily and cheaply be swapped out between tenants. Landlordlocks.com built a business selling this concept to landlords. I’m only jealous I didn’t think of it first :)


So euro cylinders?


Yeah, regular key lock in the door, electronic cam release of the for latch in the frame seems like a much more robust set-up. Seal the gadgets in the wall on the inside of the room, no batteries or moving cables.


The 'better' lock that has rollers in the bolt to make it harder to cut off is pretty cool. But I found out there is a reciprocating saw with counter action available! Seems perfect to cut rollers. https://toolguyd.com/dualsaw-reciprocating-saw/


The only way I've seen these used IRL is to replace hiding the keys under the mat. So IMO this is still an improvement.


Where I live, the smart locks I saw are mounted in from the inside and go over the existing screw bolt thing that unlocks the door. From outside you would have no idea that it's a smart lock. But yeah, they don't have something outside you could touch an NFC tag on to unlock.


Security isn't about preventing someone from breaching the "lock".

It's the level of difficulty (measured in time) that it takes to breach the "lock".

That being said, given unlimited resources; no lock is unbreachable.


Yes. But a difficulty of 4 seconds is a bit too low. I expect 30-60 seconds for a door with moderate security.


Tbh with smart locks I'd be more interested in the lock detecting a break-in or destruction of the door mechanism, so it could for example call the police if someone smashes in the door.


You don't need a smart lock for that IMHO. Any house alarm usually can detect intrusion.



