As terrible as this is, I bet the company didn’t lose a single sale from this. Part of why IoT is so horrible, there is just no reason to make a secure system when the general public won’t care.
The devil’s advocate is that the lock is still roughly as secure as some random Masterlock that kids use on lockers.
Most locks exist more as sign postage and preventing errant access. You definitely don’t want to be using this to protect against motivated actors… but that was true even without these exploits?
That being said, the random Masterlock at least requires someone to fidget with it physically to get it open.
I think the main difference is non-IoT locks actually require some effort to unlock. If these IoT locks take over, someone will just make an app that automatically scans the area for devices and lets you hack them with a button press.
yeah this is a very real possibility. I’m a strong believer in the gradient of security but the idea of just walking down and being able to unlock all the doors is v scary
(also: why does this even need to be on the internet?? We made electronic devices before Bluetooth Low Energy, it really feels like we should be able to make a lot of this stuff in an offline way)
2018/06/16: Tapplock got the API down after pressure because it was exposing GDPR data.
That’s why I actually like GDPR. I bet before that law came into life the vendor would not react at all. Now they face a huge fine and most of all are obliged by law to inform about the potential breach of customer data.