Tapplock

[tsman]

https://www.theregister.co.uk/2018/06/15/taplock_broken_screwdriver/

Major fail on multiple fronts. Physical, firmware and server all have glaring flaws. The only secret you needed to unlock it via BLE was the Bluetooth address itself. The API doesn't care who are you so long as you're logged in and will gladly give away all your account info over plain HTTP. The lock is made of a brittle alloy that snaps easily. Worst one is that the back of the lock can be easily unscrewed then the mechanism taken apart with just a Phillips screwdriver.

[Mr. Scram]

As has been the case so many times before, it turns out to be very hard to make a secure product. You can do a thousand things right, only to have a few omissions ruin the party. One leak can sink the boat.

[Cyberdragon]

A few ommisions? They didn't even try at all.

This is not a security device at this point, it's a children's toy.

They need to get the hell off the market...NOW, as they clearly don't know anything.

[Mr. Scram]

A few ommisions? They didn't even try at all.

This is not a security device at this point, it's a children's toy.

They need to get the hell off the market...NOW, as they clearly don't know anything.

You jest, but it really does seem to be an illustration how hard it is to develop a secure product. It's a pretty decent product otherwise, even good maybe. But security is so hard to do right and even major league players with tons of experience and resources fall flat on their face.

[Cyberdragon]

What you describe is Masterlock, which usually has a few easy breach methods. No idea why they don't fix them but I guess for price reasons.

This thing has every single flaw in the book to the point of total uselessness other than intimidation. They had dirt simple sofware with no attempt at security at all beyond a password that was easily breached, their physical durability is weak, it can be shimmed (although so can Masterlock sometimes), cut, smashed, exc. They didn't even use security screws, and how secure is the back locking pin?

Yes, they say they are going to fix it, but letting the consumer teach you security 101 is usually not a good thing. How many more problems are lurking with it?

[helius]

"Security screws" are simply a nuisance, there is nothing secure about them. No reputable lock body contains security screws.

[bd139]

So much crap like this appearing on the market. Every feature you add to a security system is self-defeating.

[ataradov]

You would not believe it, but this is not the most insecure smart lock. This one requires a Torx screwdriver and you can just open and close it back up without damaging the lock:

[Cyberdragon]

"Security screws" are simply a nuisance, there is nothing secure about them. No reputable lock body contains security screws.

We're not talking about those toy screws you can open with an iFix kit.

Use real security screws like...

https://www.brycefastener.com/key-rex-tamper-proof-screws-bolts.html

[bd139]

I could get one of them off in 5 seconds flat.

[dmills]

Any screw is a flat head when you have a battery powered dremel tool with a disk!

Regards, Dan.

[helius]

"Security screws" are simply a nuisance, there is nothing secure about them. No reputable lock body contains security screws.

We're not talking about those toy screws you can open with an iFix kit.

It actually doesn't matter how special the screws are. The entire concept of protecting a lock with a special kind of screw is amateurish.
In a real padlock, the screws (Phillips!) are beneath the shackle.

[bd139]

Any screw is a flat head when you have a battery powered dremel tool with a disk!

Regards, Dan.

Or a plant pot, sparkler, aluminium powder, iron oxide, sunglasses and a striped jumper.

[helius]

Opening locks with thermite is not that practical It makes a big mess, and it's difficult to keep the slag in a useful place. "Breaking Bad" isn't a documentary...
However, thermic lances are used in some combat situations to achieve entry. Locksmiths prefer less crude methods.

[bd139]

IANAL (I am not a locksmith). Also I made thermite when I was at school in 1989 way before breaking bad and YouTube. I remember my chemistry teacher raising one eyebrow and saying “if I say no you’re just going to steal the chemicals and do it in the woods so I better let you do it here instead so I can call an ambulance if you burn your face off”

[SeanB]

Never go for the lock, go for the bolt itself. The lovely high carbon steel lock, resistant to picking, bumping, grinder and such is almost always on a mild steel mount that is easier to cut. Did that with a very old Towne and Yale lock I wanted intact, so cut the steel bolt instead. Then drilled the pin out, made a key for it and put it back together again. I like that lock, even if it is not exactly secure these days, but it is a solid bronze unit.

[CJay]

IANAL (I am not a locksmith). Also I made thermite when I was at school in 1989 way before breaking bad and YouTube. I remember my chemistry teacher raising one eyebrow and saying “if I say no you’re just going to steal the chemicals and do it in the woods so I better let you do it here instead so I can call an ambulance if you burn your face off”

Hah, the tales I could tell but absolutely not on a public forum.

We left copious notes in the margins of the library chemistry books for future generations to follow.

(thermite was quite mild compared to some of the stuff we messed with)

[CJay]

Never go for the lock, go for the bolt itself. The lovely high carbon steel lock, resistant to picking, bumping, grinder and such is almost always on a mild steel mount that is easier to cut. Did that with a very old Towne and Yale lock I wanted intact, so cut the steel bolt instead. Then drilled the pin out, made a key for it and put it back together again. I like that lock, even if it is not exactly secure these days, but it is a solid bronze unit.

My wonderful ex lost the key for my old shed, her new bloke tried to cut the lock with various tools which all failed, he tried to cut the hasp, he tried to drill the core (snapped a bit in it) which was  fail as I had a spare key if only she'd asked first.

I took a junior hacksaw to the body of the lock and was into the shed in less than three minutes, locks vary

[bd139]

Round these parts:

What kind of key can open any lock?

A pikey!

[Cyberdragon]

At the point you have powertools to destroy the whole thing you're attacking the fasteners of coarse don't matter anymore. That's not the point. The fasteners should always be at least as strong as the item, but being stronger than the material being fastened would be useless.

I could get one of them off in 5 seconds flat.

Again, if you have a large angle grinder to cut hardened steel, why are you going for the screws...

[bd139]

That’s very true actually. When someone broke into our old shed, a flimsy metal structure, they just cut round the latch plate with some tin snips. They were very disappointed as there was only rusty shit that I hadn’t taken to the tip yet. And the shed was going to the tip too.

[Rerouter]

just about every security bold / screw on the market can be undone with the right size flathead screwdriver and some creativity, (Had to find some for my own company)

Turns out you can order custom screw heads pretty easily, went with a Reuleaux triangle with parrellel sides, so far short of cutting a slot they are not coming out with a flat head.

[SeanB]

Welder makes any screw an integral part of the material in a few seconds. Though why Xpanda decided that the nuts they supplied with the kit for the roller shutter must all be nylock nuts, as they all melted when the installer welded the nuts onto the studs to make it secure. When I had to undo these nuts to rebuild the gearbox ( they did not exactly go into any sort of QC on that part, as the new gears needed quite a bit of work on them with an angle grinder to first of all remove the casting sand in there, plus even more work to get them all to mesh in a method that was less Lada level clearance, and closer to something that would run smoothly. The old gears were so poorly meshing that they chipped off half the teeth in around 2 years and left a load of steel shards in the dry housing) I was able to grind out the weld and undo the nuts, and even was able to put the same nuts back again and weld them in place again, plus used a lot more grease than the dash of nasty sludge they used in the first place.

[ebastler]

Turns out you can order custom screw heads pretty easily, went with a Reuleaux triangle with parrellel sides,

What would a "triangle with parallel sides" look like? Could you share a picture?
Thanks!

[Rerouter]

sorry by parrellel sides, its the term they used for a non tapered hole, which required hot forming (or so they told me) as if it has a taper then a screwdriver can still turn it.

[mc172]

"Security screws" are simply a nuisance, there is nothing secure about them. No reputable lock body contains security screws.

We're not talking about those toy screws you can open with an iFix kit.

Use real security screws like...

https://www.brycefastener.com/key-rex-tamper-proof-screws-bolts.html

I'd get them off with a hammer and a centre punch within seconds. Lovely flat head, there's even six nice radial faces to hammer on to get the impact as close to tangential as possible!

I don't know why there's such a fascination with putting pins in the middle of the socket. "Security" Torx being the prime example - I can go down the road to Screwfix and get a full set of driver bits for about £4 - how is that any more "secure" than the non-"Security" Torx? In fact, most of the time I buy Torx driver bits, they have got the hole in anyway!

[CopperCone]

sometimes I wonder if adding ridiculous security features motivates a thief out of spite

tho, I would imagine in court it would look worse if you got caught with a bag of B&E tools, it starts to look very very premeditated & career criminal like. The jury really starts to think "i would not even dream of doing all that shit' and 'he has dangerous skills that we can't protect society from easily lock him up'

[helius]

Your average thief has more important things to do than take revenge on things he can't break: like breaking in to someplace easier.
As such, the problem in security is very rarely to make theoretically unbreakable things.

"Do you think you're faster than a lion?"
"No, but faster than you."

For some locks that are critical means of access, you are concerned that they could be vandalized (using cement, for example). Not by thieves particularly, but delinquents taking out their frustration on you. There are ways to prevent this such as the Geminy Shield.

The problem a lock is supposed to solve is the conditional access problem: to make it infeasible for anyone without an authorization token (key) to gain access, while it is simultaneously easy for anyone with the key to gain access. One of the consequences of this requirement is that the space of possible keys must be so large that no one can simply collect them all. It's for this reason that lock systems have many mechanically independent interacting elements (pins, discs, etc). A single element cannot differ in enough ways to create a secure key system. A second consequence is that the nature of the required key cannot be discoverable from observing the lock: or else you could just fabricate whatever shape was required for each lock. That is called decoding or impressioning. A third, easily overlooked, consequence, is that the authorized key must provide access easily. Keys open locks with effectively no force.

Keyed-fasteners like the dodgy "KeyRex" fail as conditional access devices. There is only one varying element, whose shape is easily visible, and which requires force to remove even with the correct tool. If the goal is simply to prevent vandals from damaging parts of a building, one-way fasteners are all it takes, not exotic keyed-fasteners. The product does not solve any actual problem.

There are some limited areas where a keyed-fastener system makes sense, despite its inherent limitations. One of its wins has been for bicycle wheels and seatposts, where you rarely need to access the fastener, but it's hard to otherwise secure the item—a typical bike lock can't secure both wheels and the seat at once, so some additional protection is needed. This system uses an ellipsoidal recess, so it can't be easily turned using a center punch, spanner bit, etc. That shape also gives it very low torque for its size, which explains why it hasn't been successfully scaled down.

[texaspyro]

Here's a new Bluetooth padlock...   it has "amazing" security... NOT!