Author Topic: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown  (Read 24114 times)

0 Members and 1 Guest are viewing this topic.

Offline alter Ratz

  • Contributor
  • Posts: 23
  • Country: at
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #25 on: August 12, 2017, 12:04:19 pm »
Why don't they just use microUSB as power backup. The chances of having a USB power bank + microUSB cabe are a million times higher than someone carrying around a spare CR2032. It's just stupid  :palm:
 
The following users thanked this post: Fungus

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16560
  • Country: 00
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #26 on: August 12, 2017, 12:20:00 pm »
Lose your phone, get locked out!
Phone runs out of battery, get locked out!
Lock runs out of battery, get locked out!
two of your failure modes are non-issues (there is a keypad for phone-less opening)

The whole point of this is not to have to remember a secret number!

and the third has been reduced to an inconvenience (contacts for external backup battery
An inconvenience that only this lock has.
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16560
  • Country: 00
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #27 on: August 12, 2017, 12:21:53 pm »
Why don't they just use microUSB as power backup. The chances of having a USB power bank + microUSB cabe are a million times higher than someone carrying around a spare CR2032. It's just stupid  :palm:

The whole thing would be better with an internal rechargeable battery. No need to go looking for an expensive coin cell every couple of weeks (or however long it lasts).

How long does the battery last, BTW?
« Last Edit: August 12, 2017, 12:23:53 pm by Fungus »
 

Offline amyk

  • Super Contributor
  • ***
  • Posts: 8240
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #28 on: August 12, 2017, 03:30:02 pm »
Why don't they just use microUSB as power backup. The chances of having a USB power bank + microUSB cabe are a million times higher than someone carrying around a spare CR2032. It's just stupid  :palm:

The whole thing would be better with an internal rechargeable battery. No need to go looking for an expensive coin cell every couple of weeks (or however long it lasts).

How long does the battery last, BTW?
An internal battery that eventually wears out, making the lock pretty much useless for its original function? |O :palm: The concept might not be too smart but at least they decided having a replaceable battery would be a good idea...
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16560
  • Country: 00
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #29 on: August 12, 2017, 06:43:28 pm »
An internal battery that eventually wears out, making the lock pretty much useless for its original function? |O :palm: The concept might not be too smart but at least they decided having a replaceable battery would be a good idea...

That never stopped iPhones from selling and the target demographic for this is the same.

Besides, the battery won't have chance to wear out. This thing will be junked after the first couple of times the battery dies and the owner finds themselves looking for an emergency CR2032.

...or after they arrive at the gym and have to skip a session because it refuses to lock itself.

...or

Dave didn't mention battery life or if it has really good battery diagnostics in the app. Very remiss.

(then again, Dave couldn't actually get it to unlock itself via bluetooth so it's understandable he went straight to the drill)
 

Offline ebastler

  • Super Contributor
  • ***
  • Posts: 6202
  • Country: de
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #30 on: August 12, 2017, 06:55:00 pm »
The whole thing would be better with an internal rechargeable battery. No need to go looking for an expensive coin cell every couple of weeks (or however long it lasts).

Not sure about that. Depending on your use for the lock, you may not have the freedom to take it to a charger for a couple of hours -- it might have to stay in place, locking whatever you want to protect.

I think we are in violoent agreement that the whole "smart" concept does not make much sense for a padlock. I can see the benefits for a stationary lock which is used by multiple users: Easy to grant someone temporary access; no expensive exchange of the lock and many keys if a key get lost or stolen. But for a padlock?! If I can carry my phone, I can easily carry a physical key as well. And if I should lose the key, just trash the lock and get a new one. And avoid any hassle with batteries etc. ...
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16560
  • Country: 00
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #31 on: August 13, 2017, 09:41:57 am »
I think we are in violoent agreement that the whole "smart" concept does not make much sense for a padlock.

At $100 it makes perfect sense as a way of making money from the app generation.

These people are used to buying things that end up in a drawer after a couple of uses.
 
The following users thanked this post: SeanB

Offline thm_w

  • Super Contributor
  • ***
  • Posts: 6272
  • Country: ca
  • Non-expert
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #32 on: August 14, 2017, 09:05:59 pm »
Quote
   
Q: How long will the 4400 series battery last?
A: The 4400 series battery should last at least 2 years in Touch Unlock Mode and 4 months in Swipe Unlock Mode with regular use.
Q: How long will the 4401 series battery last?
A: The 4401 series battery should last 5 years in Touch Unlock Mode and 2 years in Swipe Unlock Mode with regular use.

The battery life is quoted as 2 years when using normal unlocking (ie go up to the lock and touch it, goes green, unlocks). The radio can be off, and only MSP430 is powered waiting for a keypress.
Swipe is remote/guest access mode, so the bluetooth radio has to be on all the time, using much more battery.

4401 uses a CR2 cell so if you have a need for guest mode, you'd get that ($90).

2 years is plenty if the estimate is realistic and if it has a low battery warning. The keypad locks we use on our doors are rated over 3 years, and its a non issue to put in new batteries.
Profile -> Modify profile -> Look and Layout ->  Don't show users' signatures
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 10576
  • Country: gb
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #33 on: August 15, 2017, 01:55:05 am »
Why don't they just use microUSB as power backup. The chances of having a USB power bank + microUSB cabe are a million times higher than someone carrying around a spare CR2032. It's just stupid  :palm:

I'll bet that the probabilities are the other way around.

I will bet that a minimum of 90-95% of forum members will have a handy CR2032 on their person when they are out and about. It'll be on their key chain, on a car remote locking/alarm fob. I will also bet that less than 5% of them have a handy USB power source and cable about their persons under similar circumstances.

Whether the average person has the presence of mind to realise that they are already carrying around a CR2032 is another matter; after all, you didn't realise it.
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 

Offline trophosphere

  • Frequent Contributor
  • **
  • Posts: 278
  • Country: us
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #34 on: August 15, 2017, 02:37:01 am »
Why don't they just use microUSB as power backup. The chances of having a USB power bank + microUSB cabe are a million times higher than someone carrying around a spare CR2032. It's just stupid  :palm:

I'll bet that the probabilities are the other way around.

I will bet that a minimum of 90-95% of forum members will have a handy CR2032 on their person when they are out and about. It'll be on their key chain, on a car remote locking/alarm fob. I will also bet that less than 5% of them have a handy USB power source and cable about their persons under similar circumstances.

Whether the average person has the presence of mind to realise that they are already carrying around a CR2032 is another matter; after all, you didn't realise it.

I had a friend in highschool that carried a battery around just in case. He had drilled a hole in it and attached it to his keychain.  :-DD
 

Offline ThaddeusWrz

  • Newbie
  • Posts: 1
  • Country: us
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #35 on: August 16, 2017, 07:52:16 am »
Just two minutes with an acetylene blowtorch and "Boom", you're in like Flynn..
 

Offline Assafl

  • Frequent Contributor
  • **
  • Posts: 600
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #36 on: August 16, 2017, 09:20:49 am »
Some of these products are just too early and lack any functionality that rationalizes their existence. I think a BT lock would make sense if it added the kind of features that could not be added to a regular lock.

Just looking at feature sets of electronic locks - like Mas Hamilton's X-10 (love that lock!) there are various things Master could have done with the lock. Stuff like:

- only allow open if a supervisor's phone is nearby (something you know and something you have)
- allow a one time open (e.g. give a one-time-password to a service person who needs access)
- retractable codes (so certain users can be removed from the lock)
- logging (who opened the lock and when)
- two person (split keys)
- hierarchical keys (supervisor followed by employee)
- master open (e.g company owner)

Sure the X-10 is meant for National Security stuff....  But who's to say that there isn't a market for a lower cost version for a teenager that may be interested in giving a friend one-time access to a locker? Or share a password with a GF? Or have a master key for the school administration for contraband checking? Or two friends sharing a locker? Or a member's-only lock for the sport's team's shed?

Given the current functionality of making a regular code padlock unnecessarily complex I would prefer a regular Master Lock or (even better) a used S&G8077 from eBay.
« Last Edit: August 16, 2017, 09:23:26 am by Assafl »
 

Offline denverpilot

  • Regular Contributor
  • *
  • Posts: 74
EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #37 on: August 16, 2017, 11:04:45 am »
Some of these products ... lack any functionality that rationalizes their existence. I think a BT lock would make sense if it added the kind of features that ... you can already do with a regular lock.

FTFY. :)

- only allow open if a supervisor's phone is nearby (something you know and something you have)
Get a double keyed lock.

- allow a one time open (e.g. give a one-time-password to a service person who needs access)
Hand them the key. Tell them to bring it back or you'll kill them.

- retractable codes (so certain users can be removed from the lock)
Take away the key. (With optimal death before or after.)

- logging (who opened the lock and when)
Know who has keys. Trust them. Or take away the keys.

- two person (split keys)
Get a double keyed lock.

- hierarchical keys (supervisor followed by employee)
Get a double keyed lock.

- master open (e.g company owner)
Carry a key.

LOL sorry man, you can do all of those things with a regular lock, and I felt like being sarcastic tonight. :)

You know what else? You won't have to make sure your phone battery is charged for the lock to do all of those things, too. :)
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16560
  • Country: 00
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #38 on: August 16, 2017, 11:11:53 am »
- only allow open if a supervisor's phone is nearby (something you know and something you have)
- allow a one time open (e.g. give a one-time-password to a service person who needs access)
- retractable codes (so certain users can be removed from the lock)
- logging (who opened the lock and when)
- two person (split keys)
- hierarchical keys (supervisor followed by employee)
- master open (e.g company owner)

You forgot: Allow government/law enforcement access without logging.

(and anybody else who feels important, especially the TSA)
« Last Edit: August 16, 2017, 11:15:15 am by Fungus »
 
The following users thanked this post: dorin

Offline Neilm

  • Super Contributor
  • ***
  • Posts: 1545
  • Country: gb
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #39 on: August 16, 2017, 07:28:16 pm »
I can't find the story at the moment, but in the last week or so there was a small issue with a particular brand of front door locks. These are electronic to alow people to have time limited access (timeshared houses / rental etc). The electric locks are connected to the internet so the owner can see when the lock is opened.

This particular manufacturer decided to update one of the models of lock. Unfortunately, they packaged it marked as updates for a different model so when that model automatically updated the result was it bricked the lock. Remove lock and return to factory for repair.  :palm:

<edit>
Found it https://www.theregister.co.uk/2017/08/11/lockstate_bricks_smart_locks_with_dumb_firmware_upgrade/
Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe. - Albert Einstein
Tesla referral code https://ts.la/neil53539
 

Online Red Squirrel

  • Super Contributor
  • ***
  • Posts: 2748
  • Country: ca
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #40 on: August 18, 2017, 06:36:03 am »
Neat concept and half decently executed.  I hate this whole trend with so many products that it requires to make an account though, this is completely ridiculous especially for an offline device.
 
The following users thanked this post: TheDane

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 10576
  • Country: gb
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #41 on: August 18, 2017, 09:58:20 am »
I hate this whole trend with so many products that it requires to make an account though, this is completely ridiculous especially for an offline device.

I would, and do, go further. If someone makes a device that requires access to their servers for it to work, or for me to create some 'account' to make it work, I will not be buying it. Even if it is just access during setup. I will not be buying it personally, I won't be buying it for work, and I'll actively be discouraging other from buying it. I don't want a product's life to be determined by how long the manufacturer can be bothered to keep the servers working for, and I don't want its security determined by how bad someone is at systems administration.

As you point out, it's ridiculous for an off-line device, especially when it's a lock, a security device; that surely implies that you should remove any possible risk of information leakage that is not strictly necessary for the operation of the device.
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 
The following users thanked this post: Brumby, TheDane

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16560
  • Country: 00
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #42 on: August 18, 2017, 12:16:04 pm »
I hate this whole trend with so many products that it requires to make an account though

Sign up, it's free!

 

Offline T3sl4co1l

  • Super Contributor
  • ***
  • Posts: 21606
  • Country: us
  • Expert, Analog Electronics, PCB Layout, EMC
    • Seven Transistor Labs
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #43 on: August 18, 2017, 04:18:33 pm »
I hate this whole trend with so many products that it requires to make an account though

Sign up, it's free!

Free-as-in, hand over your personally identifying information.  If you as a human being aren't worth anything either, then, sure. ;)

(Give or take the privacy notes about what info they actually record, and what data the app actually has access to.  If allowed to, it would be very easy for the app to record when, and where (GPS), it was used, as well as other invasive info.  It would be remarkable if there is a registration process yet no collection even of basic things e.g. name, phone number or e-mail address, and so on.)

Tim
Seven Transistor Labs, LLC
Electronic design, from concept to prototype.
Bringing a project to life?  Send me a message!
 
The following users thanked this post: Red Squirrel, TheDane

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16560
  • Country: 00
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #44 on: August 21, 2017, 12:36:47 am »
It would be remarkable if there is a registration process yet no collection even of basic things e.g. name, phone number or e-mail address, and so on.)

You can (and should!) lie to them.
 

Offline f4eru

  • Super Contributor
  • ***
  • Posts: 1086
  • Country: 00
    • Chargehanger
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #45 on: August 21, 2017, 03:10:02 pm »

I'll bet that the probabilities are the other way around.

I will bet that a minimum of 90-95% of forum members will have a handy CR2032 on their person when they are out and about. It'll be on their key chain, on a car remote locking/alarm fob. I will also bet that less than 5% of them have a handy USB power source and cable about their persons under similar circumstances.

Whether the average person has the presence of mind to realise that they are already carrying around a CR2032 is another matter; after all, you didn't realise it.
If you already carry a CR2032 on your keychain ( mine can only be extracted with a small TORX driver), then why not just add a key for a mechanical lock.
This entire concept simply makes no sense.

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16560
  • Country: 00
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #46 on: August 21, 2017, 03:33:28 pm »
If you already carry a CR2032 on your keychain ( mine can only be extracted with a small TORX driver), then why not just add a key for a mechanical lock.
This entire concept simply makes no sense.

A CR2032  can be used for many things, not just this.

You might even be able to rescue members of the opposite sex who were silly enough to buy one of these locks.
 

Offline Assafl

  • Frequent Contributor
  • **
  • Posts: 600
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #47 on: August 21, 2017, 03:44:04 pm »
These responses are mean.

The pin and tumbler lock dates back to Nineveh (at least) which is 4000 years ago. It is even older than red LEDs.

Isn't it time that it is improved upon?
 

Offline Fredderic

  • Regular Contributor
  • *
  • Posts: 67
  • Country: au
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #48 on: August 21, 2017, 06:50:29 pm »
These responses are mean.

They are indeed.  Frankly, I'd say more along the lines of this is getting utterly ridiculous, and not a small amount down right irritating — I'm following this thread to see if any useful comments or product comparisons turn up, and wading through the sea of crud is not particularly enjoyable.  Though it probably wasn't helped any by Dave's own response to the device — the sheeple always come out, in the shadow of their shepherd. Anyhow…

While people are so busy tearing into the weaknesses of these locks, so few of you seem to have stopped to consider that just about any padlock can be bypassed with the old spanner trick (I think I saw one post that seemed to go mostly ignored), and even the front door of your home, no matter how good the lock(s), can be bypassed by a brick through your window.  Most of the attacks on this lock which are being discussed, require substantially more sophistication than either of those.  And many of the locks we rely on every day, are more of an advisory signal than actual real security (in most cases, the real security is the video camera watching over it, and the stupidity of most people trying to breach them).

No, I wouldn't be using one of these to protect the crown jewels, or even the power tools in my shed.  But my school locker if I were still in school, the plastic box I kept my oh so very private stuff in as a little kid, or if it was the weatherproof version, then the front gate, or the padlock on my bike back in school again — I'm fairly certain this padlock is still better than the ones I use (and have used) in any of those situations, and the convenience it offers doubly so; I'd much rather something like this on my gate than having to fumble with a key while it's pouring rain on a winters night (my current gate padlock is a $10 Coles jobbey, since anyone wanting to bypass it can — and all too often do — simply jump the fence anyhow.  Yet I for one will be paying the extra for the convenience, since that signal, as weak as it may be, still has it's purpose — especially in a police report), same for my bike back in school (which was behind a locked fence most of the day, and more or less watched by teachers for the rest — and where there were plenty a time where I'd have much rather pressed a button, than have to fumble for the key).

And yes, it's easy enough to tuck a spare battery in your bag, wallet, etc., for when it's needed — for the convenience (and sometimes safety) of not having to take out your keys at all.  Not to mention keys can get lost, or stolen, and if you've leant them to someone who neglects to give them back, they're a heck of a lot harder to revoke.  I also have more than one set of keys; the house keys are the smallest ring, the car keys have a clip so I can attach them to the house keys when I go out by car, or leave them at home when I go out walking.  The shed and window lock keys and the likes stay at home, and the keys to the toolboxs inside the shed are on yet another key ring.  Why don't I just put them all on the same ring and take the whole lot with me everywhere?  It's the same reason I'd use one of these locks for some jobs but not others — the toolbox keys are separate because I sometimes leave the shed unlocked for a few hours, and it happens to be a whole lot harder to walk off with the whole toolbox, than it would be to swipe the not inexpensive spanner set in it.  I honestly don't care if someone can open the padlock with a piece of cut up can, when it's locking a gate that can be more easily jumped over — either action is going to draw an observers attention, fiddling with the lock like that probably even more so than simply jumping the fence.

Now, I do appreciate the discussions on the strengths and weaknesses of this lock, and I appreciate that there are some IoT devices that just, well, shouldn't be (just about every IoT device in the adult industry, for starters).  But these padlocks — though certainly somewhat weaker than an equivalently priced keyed one — still have a good deal of utility within appropriate circumstances, and comments like the recent, "You might even be able to rescue members of the opposite sex who were silly enough to buy one of these locks" (and you're just the most recent of the seeming majority of posts in this thread saying such things), demonstrate a severe lack of ability to think outside your own limited world view, and really don't contribute positively to the thread (not to mention I know members of the opposite sex who would quite rightfully take significant offence at a comment like that), at least one of which was a fellow student back in University, studying Engineering.

And while the digital security of many of these locks pains me even more than their physical security, I myself will still be keeping an ear open for further reviews of flaws (and fixes) regarding these bluetooth enabled padlocks with an eye to purchasing one well before next winter; give me time to choose at least the brightest of an admittedly not particularly bright bunch, for the very important job of locking a perhaps somewhat ineffectual front gate — so long as it stops random delivery people letting our dogs out, and posts that signal that you're not welcome beyond this point without invitation.
 
The following users thanked this post: TheDane

Offline denverpilot

  • Regular Contributor
  • *
  • Posts: 74
Re: EEVblog #1014 - Masterlock Bluetooth Padlock Teardown
« Reply #49 on: August 22, 2017, 04:22:18 am »
These responses are mean.

The pin and tumbler lock dates back to Nineveh (at least) which is 4000 years ago. It is even older than red LEDs.

Isn't it time that it is improved upon?

They have been. You won't find them at the cheap end of the scale, nor at the local store. That's most of the problem right there... what people see at the big box hardware store or other local merchants, they think those are "locks".

As you go into pricing for locks like the Bluetooth one here you barely touch into the price point of the bottom of the scale of what most folks actually trying to secure something, use.

I was semi-joking about it when I responded with my early "get a dual keyed lock" but anything worth actually securing can use a multitude of types of locks that can even grant multiple access, etc... that also aren't "low end junk padlock" quality.

Some jokingly (but not really) put it this way. If you bought a $20 lock to protect something worth more than $20, the their certainly won't mind breaking a $20 lock. ;)

Nobody serious about securing anything is using anything from Master, that's for sure.

So, it falls into the "if you're really not securing anything and you want a gadget, go for it" category.

If you are actually securing something, consult a locksmith or security company. There's usually more to it than a $2 hasp and a $20 lock that can be busted with a pry bar or cut with bolt cutters.

Like someone said, a cheap Master lock is usually hung somewhere to send a message or tamper proof a patch from kids. Anybody else, it's a 30 second maximum break in device. Someone who knows what they're doing? 10 seconds.

So... a Bluetooth lock is overkill at this quality level. It'll sell great to the gadget crowd. But it won't really secure anything.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf