1. 6

  2. 5

    I know it’s a demo, but if this reflects the level of (in-)security IoT will bring upon us, we are deep in trouble.

    The device have been programmed in a way that just screams “rootkit included”. The keypad is not only tampering-unsafe, it connects to the doors “directly” with no security hub, which means that anyone who can own the keypad owns the door. (Unless I’ve gotten it wrong and it’s just a screen, not a full-blown tablet.)

    And the referenced Lockitron is a horror story in waiting as well.

    1. 1

      Relying on a lock to keep intruders away is very stupid, regardless of the type of the lock (deadbolts can be pwned, classic keypads can be pwned, fingerprint scanners can be pwned).

      That being said, the device itself has no real operating system, has zero buttons, cannot be hooked up to any external input devices and even if it was it wouldn’t do anything. Its a dumb terminal, a window to a “browser tab” (the simplest analogy) running on a secure server. You can take it away, disassemble it, reverse engineer it, nothing will help, nothing is stored on the device.

    2. 3

      “for ~35 USD in parts”… plus a device with a 749 EUR price tag that this business is selling.

      1. 1

        Spark Core is 35USD. The rest is optional. E-paper device costs 239EUR (not 749EUR), but you could use your iPad, Android tablet, etc…

        1. 1

          The kit that doesn’t require a connection to Visionect’s servers, which I think you would be important for a door lock, is 749 EUR.

          Are you an employee of or in any other way affiliated with Visionect?

      2. 2

        Let it be known that this is talking about spark.io, not Apache Spark