EEVblog #1014 - Masterlock Bluetooth Padlock Teardown

[dorin]

Absolutely. And the utility of all the critique here is that somebody lurking on the nets will find this forum educative and not buy into their marketing crap.

[Fungus]

These responses are mean.

They are indeed.  Frankly, I'd say more along the lines of this is getting utterly ridiculous, and not a small amount down right irritating — I'm following this thread to see if any useful comments or product comparisons turn up, and wading through the sea of crud is not particularly enjoyable.  Though it probably wasn't helped any by Dave's own response to the device — the sheeple always come out, in the shadow of their shepherd. Anyhow…
...
I'm fairly certain this padlock is still better than the ones I use (and have used) in any of those situations, and the convenience it offers doubly so; I'd much rather something like this on my gate than having to fumble with a key while it's pouring rain on a winters night (my current gate padlock is a $10 Coles jobbey, since anyone wanting to bypass it can — and all too often do — simply jump the fence anyhow.

a) The shepherd couldn't actually open this with his phone.
b) If it's raining then that's all the more reason to get something reliable  (eg. doesn't depend on battery charge).
c) It's better to spend $10 than $100 if people are likely to break it.

Nope, this is aimed squarely at the locker-room-frequenting-hipster demographic. People who want other people to notice their shiny padlock.

[Assafl]

My note was a bit tongue-in-cheek (hence the red LED false equivalency).

The Nineveh lock was nowhere as capable as some of the modern pin-n-barrel locks (or their higher security variations - from rings to magnets). But it goes to show that when something is JUST THAT GOOD - it needs a lot to replace it.

BT locks are new. Early adopter products usually suck and are always somewhat silly. Routinely overpromise and under deliver. This one is no different. BT locks are gadgets. For now. BT locks are for early adopters - for now. But I can think of many reasons a BT lock would makes sense - needs for which a regular lock is either too limiting and cumbersome - or a purpose built lock - too expensive. (BTW - Electronic locks are not new - they have all but displaced the most security minded safes. Just look at what the Mas Hamilton x-09 and X-10 did to GES requirements. They are that good. They cost as much as well.)

This product is somewhat silly. But if other people buy it - maybe one day we'll have a multipurpose lock that can give the gardener logged and timed access to the garden shed. Hey - you could even tell how many hours the gardener was at your home - when he opened the shed - and when he closed it. And who forgot to lock the shed. And who accessed dad's tool box.

None of the above deter me from liking my 8077A S&G padlocks. And a point probably not lost on thieves is that if you do see any S&G (8077 or a 951 or an 833) or an Abloy 362 or an EVVA MCS Padlock on something - whatever is on the other side of the lock is probably extra worth getting at.
 

[Fungus]

And while the digital security of many of these locks pains me even more than their physical security, I myself will still be keeping an ear open for further reviews of flaws (and fixes) regarding these bluetooth enabled padlocks

I wonder if it's firmware updatable.

It's not hard to imagine there's a software bug lurking... maybe even a sniffer that lets you walk near the owner and pretend to be the lock so you can grab the code. If you see somebody put a bag in a locker and close it with one of these things there's a good chance there's a Macbook or iPad inside.

[Cerebus]

And while the digital security of many of these locks pains me even more than their physical security, I myself will still be keeping an ear open for further reviews of flaws (and fixes) regarding these bluetooth enabled padlocks

I wonder if it's firmware updatable.

It's not hard to imagine there's a software bug lurking... maybe even a sniffer that lets you walk near the owner and pretend to be the lock so you can grab the code. If you see somebody put a bag in a locker and close it with one of these things there's a good chance there's a Macbook or iPad inside.

We've seen from the recent debacle with the bricking of Lockstate locks by a remote firmware upgrade, that remote updating for electronic locks must be regarded as a vulnerability. At the same time, any experience with software security at all tells us that one must have the ability to update firmware/software to cover the inevitable vulnerabilities that will be found.

Thus for any electronic lock to be secure there must be enough infrastructure in place to ensure that updates to software take place, but that they cannot be done 'over the air'. That implies warm bodies and well trained one at that, and that implies expenditure.

Moreover, a Google search for 'bluetooth cracking' throws up 'About 637,000 results'. Bluetooth is not secure, it has been hacked many times. Bluetooth is not designed as a security protocol. It was designed for other tasks and, as always, security was designed in afterwards. If you want a secure wireless unlocking protocol then you're going to have to design one with security in mind.

I'll bet that any Bluetooth lock that has a proximity unlock feature like this Masterlock padlock is trivially vulnerable to a 'MIG in the middle' relay attack that could be whipped up by the black cloaked, goat sacrificing, RF aficionados on the forum in half an hour.

I would regard any Bluetooth lock as a gimmick. Treat it as a techno-toy and there's no harm in it, treat it as a serious way of securing anything of any value and you're in for a nasty surprise. Fungus example of a locker with a valuable bit of shiny electronics in it is exactly what would attract the kind of teen cracker with the skills to beat this lock.

[Fredderic]

a) The shepherd couldn't actually open this with his phone.
b) If it's raining then that's all the more reason to get something reliable  (eg. doesn't depend on battery charge).
c) It's better to spend $10 than $100 if people are likely to break it.
Nope, this is aimed squarely at the locker-room-frequenting-hipster demographic. People who want other people to notice their shiny padlock.

Well, it does have to be pointed out that our esteemed leader does often have trouble with this new fangled technology (particularly anything associated with a smartphone) — if it doesn't smell of vintage, he's going to have trouble with it.

Nobody serious about securing anything is using anything from Master, that's for sure.
So, it falls into the "if you're really not securing anything and you want a gadget, go for it" category.

So... a Bluetooth lock is overkill at this quality level. It'll sell great to the gadget crowd. But it won't really secure anything.

Talking about it's actual ability to secure something, certainly.  I don't think anyone's arguing these locks are master thief proof, that was pretty well established when it was mentioned that they can be opened with a cut up soft drink can — no one's going to be securing the crown jewels with these things.

But sometimes a signal is exactly the point; like when it's hung on a gate that someone can simply jump over anyhow, attached to a locker (which is usually fronted by a door made of pretty flimsy metal), or holding a bike in a mostly locked compound (where you're more worried about opportunistic theft, than planned).  And in these cases, the utility of the lock is by far more important than the actual security of it.

That's not to say it's not being marketed to the "locker-room-frequenting-hipster demographic", that lovely blue light is certainly conducive to that market, but then, they are also the ones far more willing to pay for the convenience, and less likely to recognise it as fairly weak physical protection.

So yes, we've established it's not great physical security, probably being marketed to hipsters, and seems to be Dave resistant.  We know that relying on Bluetooth for security is dodgy, and this thing probably doesn't go overboard on it's crypto, so it's probably vulnerable there, too.

However, on the insecure Bluetooth side, it's probably still on par with most RFID locks, which is an alternative that I've been considering for my front gate; I'd guess it's likely even a little better than regular RFID, since there's the Bluetooth "security", encapsulating a (probably) not terribly strong keyed exchange.  That's still going to be a step up from copy tag, use tag.

BT locks are new. Early adopter products usually suck and are always somewhat silly. Routinely overpromise and under deliver. This one is no different. BT locks are gadgets. For now. BT locks are for early adopters - for now. But I can think of many reasons a BT lock would makes sense - needs for which a regular lock is either too limiting and cumbersome - or a purpose built lock - too expensive. (BTW - Electronic locks are not new - they have all but displaced the most security minded safes. Just look at what the Mas Hamilton x-09 and X-10 did to GES requirements. They are that good. They cost as much as well.)

This is also definitely true.  Unfortunately, all these kinds of devices have been a little flakey, not very secure (digitally), so on and so forth.  But the techniques will improve, and they do need to start somewhere.  Anything IoT is facing an uphill battle right off the starter, because the I in IoT is a wild and wooly place, with expectations not presently appropriate to a device of this class.  It's one of the reasons there's so many competing standards vying to be "the new I in IoT" — trying to provide a more embedded-friendly gateway (or alternative entirely) to the wild and wooly internet.  Devices like this one deal with that reasonably well by moving a lot of that into the Phone app — which I think almost has to be the way to do it for now — though at least a little more on the lock itself would be nice, from what we've seen on YouTube.

But when it's the functionality it offers that you want, rather than the physical security, and especially also, with more and more of us living in rented housing, or for those locker room using yuppies, where modifying the property to suit our needs doesn't always go down too well for the landlord… something like this really does seem like a suitable choice.  As silly as it may seem to many of you.

We've seen from the recent debacle with the bricking of Lockstate locks by a remote firmware upgrade, that remote updating for electronic locks must be regarded as a vulnerability. At the same time, any experience with software security at all tells us that one must have the ability to update firmware/software to cover the inevitable vulnerabilities that will be found.

Firmware updates are also a relatively new thing in commodity hardware, and they're hard to do properly, and all too often end up bricking the device (most certainly not just padlocks), especially when it's already struggling to fit in the firmware it needs (ie. having room for fallback firmware).  To the benefit of these devices in particular, though, they do not need to directly interact with the internet, and that saves them a whole load of resources and vulnerabilities.  Squeezing a little more real crypto onto the chip (at least one of them already does AES256, albeit rather poorly from what I recall), should render Bluetooth's issues far less relevant (the same reason SSL is so important — it doesn't matter nearly so much how insecure your internet connection is, once you've got an encrypted and authenticated connection).  And that is coming; the dedicated crypto components are making their way onto increasingly smaller chips, but even without that, both the bottom-end chips are getting bigger, and the crypto libraries are also getting made smaller and more efficient.  And most importantly, the companies making IoT gear are starting to realise they need to learn how to use them.

And I still think a device similar to this (if not this specific one), would do just fine on my front gate, or any of the other situations I've listed.

[Fungus]

Just saw this:



A review of one by a lockpicker, plus a fast way to open it.