Smart Locks

Earlier today I posted on Twitter asking for some input on smart locks.  I’d read some, but didn’t consider myself particularly educated on the topic.


I got a few responses and a helpful retweet, but not enough depth for what I was looking for.

So I started by googling things like “smart lock” and “best smart locks”, etc… to get an idea of the major manufacturers.  I was shocked by how many are out there.

I have a few things I was looking for to help narrow down the search:

  1. This is going on a front door so it should match a handleset (one of those long ornate looking handles on front doors).
  2. My wife just replaced all the other door handles in the house, so I’d like it to match those as closely as possible.
  3. I want to be able to lock or unlock the door remotely.
  4. It should allow me to add or delete user codes without physically touching the lock.
  5. I’d like it to be able to tell me if the door is locked or unlocked remotely.
  6. Battery life shouldn’t be horrible.

Like all other home automation projects I also look for:

  1. It should not be obnoxiously futuristic/stand out more than it has to.
  2. It should be backwards compatible with non-smart items, so I would like it to take a key.
  3. I would like it to be controlled by my home-assistant hub.
  4. I would like the home-assistant control to avoid using cloud services as a middle-man.  Even better if the device never talks outside the house at all.
  5. My preference for control protocols is Wi-Fi, with Z-Wave as a backup.  Zigbee/Bluetooth/others I’ve avoided successfully to date, but can be a last resort.

 

Reading through the Google results made me start to realize that a ton of the locks are using BTLE.  This makes sense based on the lower power draw, but it made me start to think I might have to use Bluetooth for the first time.  My automation hub is nowhere near the front door, so that was going to be a pain.

So I started by looking at how people attacked BTLE smart locks and found these two talks:

https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Rose-Ramsey-Picking-Bluetooth-Low-Energy-Locks.pdf

https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Jmaxxz-Backdooring-the-Frontdoor.pdf

These cover a mix of poor implementations or attacks on the cloud infrastructure.  Interesting reads.  Also, as I looked further I found that the BTLE locks are starting to include little devices that plug in near the door to pair the lock.  The device then bridges the lock to Wi-Fi.  Pretty cool, and might make a properly implemented one usable for me!


Unfortunately, none of these seem to work over the LAN only with home-assistant, so I moved on with my search.

I focused in on Z-Wave locks next and found a few solid ones.

After skimming through some Z-Wave-specific shops I narrowed down to looking at Schlage, Yale, and Kwikset.  Yale immediately was removed for not matching aesthetics/handlesets, so I was down to the well-known door lock companies Schlage and Kwikset.

Next, on to the security of Z-Wave, where I came across a talk: https://github.com/AFITWiSec/EZ-Wave/blob/master/ShmooCon2016_presentation.pdf

Slides are pretty useless there, but they do have a video (I haven’t watched yet) and did an interview about the research.  They state in the interview that they were able to easily control Z-Wave devices that don’t use encryption, but they were not successful in attacking the door locks made by Schlage, Yale, and Kwikset that were properly encrypted.

However, diving deeper I found a more in-depth bit of research presented in 2013 that outlined forcing encryption key re-issuing to a rogue controller: http://neominds.org/download/zwave_wp.pdf

The device happily allows the rogue controller to tell it to re-issue a key, and the rogue device can now control the lock.  Their paper claims that Sigma Designs (owners of Z-Wave) have fixed the bug, but getting manufacturers to confirm that will likely be near impossible.  It’s IoT after all!

I decided that the risk of all 20 people near me with the skill and determination to do this stopping by AND defeating my alarm system and cameras was a low enough risk and dove more into these two locks:

https://www.schlage.com/en/home/keyless-deadbolt-locks/connect.html

https://www.kwikset.com/products/styles/smartcode-916-touchscreen-electronic-deadbolt.aspx

Both meet all of my requirements above, with the Kwikset having an exact match to what my wife just put in the interior of the house.

I found that Schlage is based in Colorado (woo!) and that their lock received a BHMA grade 1 (longer lasting) vs the grade 2 that Kwikset got.  After reading some Amazon reviews I also found that the Kwikset lock has some fairly widespread issues with the touchscreen having lags, not responding, or even cracking.  Fairly universally people said that Kwikset’s push-button model was recommended over the touchscreen.

Lastly I read some lock picking items about each lock and found a pretty massive problem with the Kwikset’s “SmartKey” technology.  Apparently the lock cylinder can just be forced open with any flat tool.  I was happy to see this was fixed in the 2016 timeframe with a more up to date video explaining the differences in the new mechanism.

If anyone else wants to take this journey I would recommend the Schlage as it is currently $50 cheaper on Amazon, has a more traditional lock core, fewer touchscreen complaints in reviews, and is a higher grade of material.

Personally I took the chance on materials with the Kwikset lock to match the other handles we just replaced, but I’d be interested in hearing what others have done and what their experiences were.


Hope this was helpful to someone!

 
