Smart lock, thats not so smart desinged (pin code, RFID readers etc.)

I need your collective intelligence folks.

So I’ve been looking at rfid/pincode smart locks for a while. I literally try to smartin up my beloved sidle door talk back system.

Ive got the Siedle Vario 511

What tickles me pink is this: You buy (no matter if form Chinese crap companies or actually from reputable (my comparison was with western) vendors) a rfid / pin code access panel, and its flimsy plastic and its got the smarts inside that flimsy box, meaning there is a power supply and the two wires for your door lock, right there for the thieve, under a plastic housing that takes less than 3 seconds to open with absolutely no noise.

What you just bought was maybe a safe product, but it can be bypassed in no time and with absolutely no skill on a low level attack. Brake it, hook the 2 power leads to the 2 lock leads, door is open. And those bell transformers, man they don’t car if you shorten them, thats the modi operandi ringing a bell, they keep pumping voltage out. And if you bring a lithium pack, you wont even need that, to open the door.

Is that what you guys have to secure your home? Cant believe you take that as safe.

Or do you have a box, that just has an Ethernet port, and just transmits its received data like “pin code” or “rfid” to a internal system that is hardened to spoofing with brute force data attacks?

What are you guys using. I want something i can hand out an rfid chip, or learn an other chip i have for say an abus lock system to work. i also want to just touch my phone with companion app to it, or enter a pin code, or do it old style with a key.

e.g. i want it to open the house door and also my flats door when i enter from there. and i want it to kill the external lighting when the door gets closed after i entered. (i have a zigbee door sensor already, but it does not know if someone moves out or in, so if i open from outside, and close the door again, outside lighting can go off. if it opens with no smart lock activity, and its dark, outside lighting should go on. along those lines…)

i also would like to tap my sidle speaker and phone and (5) bells, and forward to the right companion apps, depending on what bell was pressed, so i can open for the parcel guy, no more parcels on the porch.

and i want it on all access doors, like garage, garden, terrace, main door, and flat doors. all the same, just what chip/code and on what panel its used, should decide whats happening. We also need access control for the waste. folks keep dumping into our wast bins, so we are in the process of getting them a place that has access control and automatic calendar based (provided by the wast service) transfer to the curb for collection.

i also have some people visiting with access rights, that dont have a companion app, so it must be able to work with pin-code and/or RFID.

I always combine pin and rfid. cause why stick with the same issues we had with a lost key?

love to hear what you guys are using

Locks keep honest people honest. If someone wants in your house bad enough, they will get in.

I have three Yale Assure Lock 2 Deadbolt Z-Wave devices that look good and work.

thanks for the recommendation, we don’t use deadbolts here. there is no way of opening a German door with a credit card, or forcing the lock like with US door locks. or all those other low skill attacks we see featured by LPL on YT https://www.youtube.com/lockpickinglawyer

We have the hinges inside the house, when the door closes, it has pins that slide into notches in the frame on the hinges side, try a 6 foot pray bare, its not coming apart on that side…

on the lock side we have usually 3 flappers that catch 3 tongues for just pulling it shut, not jet locked, its already pretty safe.

to lock it, we have additional dead bolts that are probably twice the cross section compared to a us dead bolt, and we got 3 of them, all operated by the same DIN cylinder. Some folks even have additional bars behind the door, also operated by a second DIN cylinder.

On the outside of a German door, there is no door nob to twist, a knob one could “overpower” like shown in Terminator I, our stuff spins freely not being anymore engaged if locked.

You always need a key, or the resident inside can unlatch the flappers from the talk back system where you press a button to unlatch the door. There is also systems that always engage the tongues electrically.

To unlock from outside you always have to use a key in the DIN cylinder, thats also how you actually lock it, then you cant open the door from the talk back station anymore.

That DIN cylinder is usually heavily protected by substantial metal parts and anti drill protection. it also kinda guards the access to the cylinder, to make it more complicated to pick it or brake it. good cylinders are pretty pick prove, containing magnets, and all kinds of tumblers, spools and 3 way pins (well, it’ll take the LPL probably more than the usual 2 min video to feature my door for example, the cylinders I use are not a master lock product :-), and for sure not an abus (German brand) one too.).

And especially with the drill guard in front of them, the protection around them and located covered by handles and frame and such, they are pretty inaccessible. They also come with their own drill and brake protection included in the core too.

Are they pickable, for sure, is it going to be easy or have an easy low skill bypass, probably not.

Windows are designed like doors, they swing inward, so no access to the latch or the hinges. In my house, I have plastic film on 2 of the 3 window panes. Its making it basically impossible to break or cut the glass. Breake the outside, silent alarm goes off, but you wont get past the second until the police is here. let alone the 3rd pane. I accidentally tried it with a forklift, no brakes, run off a Stone edge, drove right though a window with both forks, that window shatterd and stopped the 2.5 ton forklift. The fork tip made it through the second, but only crackt the third, never pirced it. We could not disassemble the glass, we had to take the window frame apart to get it out. and thats only something you can do when the window is out of the frame (open it, unhinge it, take it apart).

So no, unless you brake through my 20" poroton stone walls with 15" of insulation and rebar mesh on the inside and on the outside, you wont come into my building. you’d probably need a bulldozer or a box of dynamite to come in here.

Clearly the cylinder is the weakest spot.

Therefore adding a box right next to it, that grants access to the wires to open the door lock flappers remotely, and providing the right power source to activate that system, in one go, would be a MASSIVE huge incredible decrease in security.

I cant ditch the DIN cylinder, cause with a broken system or no power I would be locked out too.

I therefore was more looking for the pad to make the authentication with. But for security reasons, the “smart” part of it, needs to be inside the House, not right next to the door.

Wow. Thanks for the amazing education. I had no clue.

Yea its pretty extreme sometimes, I had a tenant, who had a psychotic episode, and some relatives where concerned about the tenants well being, they notified the special department of the police.

So police was notified, went there, could not get a response, tried all common tricks, then called me, got me at the other side of planet earth, realized they cant get a key from me, so they again tried their hand with SWAT gear, door didn’t budge, they called the fire fighters, they worked like an hour on 3 different places, main door, balcony door, and a window. Didn’t get in. They called the volunteers from the THW (THW provides technical and humanitarian assistance during disasters and emergencies, e.g. they did pump New Orleans dry after Hurricane Katrina in 2005, they have any gear you can dream off.) took em another hour to open the balcony door. Only to discover my tenant was not home. Expensive repair bill, but then, that’s what you have insurances for.

And they didn’t think to remove a roof tile and climb in through the access hatch to the ceiling?

My Alsatian would lick you to death.

If you had a high risk resident, wouldn’t CCTV with remote monitoring be prudent for your prison?

If a fire happened, how would they escape?

Must be pretty dangerous where you are living… Or you in particular have a lots of enemy’s? Ether case I would be probably moving before building a prison for me and my loved ones!

There are plenty of access control systems with separate reader and controller.
Don’t look for doorbell products, but some door lock ones. Manufacturers like Assa-Abloy for example. DIY wouldn’t be difficult either.

Well, opening a window or a door from the inside is just that, turn the handle and pull. due to the high security standard of the wall, window/door frame and the glass, we don’t have bars in front of the windows. neither would i want to have bars in front of them. don’t want to feel like in a prison

we do have CCTV with reporting to our cells (frigate handles that)

well if you lift a roof tile, you’d first have to remove the solar panels to get to a place where there is actually inside underneath, so its at least 2 panels you’d have to remove, then you need to lift a sizable amount of tiles we have clay tiles, not tar, when that’s off, your met with sheets of insulation and OSB in-between and what not. my current roof insulation is about 22 inches pure insulation materials thick (with OSB, etc. probably 30"), and you wont want to dig through that middle insulation layer, you’ll be scratching yourself into the next century… i know, i still do, kinda

actually, most of the time, I don’t even bother to hit the button to close my garage doors for the day, when leaving for work or what ever.

till today, only one thing vanished over the past 20 years, and that was left at the road side for free pickup. an old karcher high pressure washer, that i had no use for anymore.

So i wouldn’t say its a particularly dangerous area. its so dangerous that we let the kids walk/bike the half hour trip to daycare and school alone, since they were 4 years old…

however: better safe than sorry.

man i overbuilt everything by at least 100%, why should i do different with this one?

i don’t want to dig my keys out, but i also don’t want to make my house vulnerable by being stupid.

hence i want that rfid/pin thing to have its smarts inside.

if you place all a thieve needs right next to the door on the outside wall… why the heck do you bother with it at all and not just leave the door open? any knowledgeable guy would know how to open your door just as fast as with a key.

and in times of 3d printing keys from low quality pictures, you probably don’t want your keys visible at any time.

i don’t get your opposition to my “secure by design” products research.

/edit: typos grammar and some more clarification.

yea this one i would like:

reader outside, smarts inside in a sunken box. invisible, hard to find if you don’t know where it is, and short of following the cable.

What i miss is integration with a nice GUI or HA

you also said to use DIY, I did, for years I had a door-pi, that was awesome, however that project is so dead, even its domain doorpi.org is gone. in 22 some guy updated the instructions to build it: https://www.youtube.com/watch?v=_9lL_08zQDM, but that’s 4 years old now either.

its still on github

and while being a console kid, im no coder, at all. And i dont have the intention to become one. Im not the guy in the movie Ocean’s 12, they rob by executing a “schuhman speical” in Amsterdam, who “programmed the last 9 steps of the security system himself, and basically sleeps atop of the server”…

I think that is simply not possible. In any way you will (massively) weaken your (for now only mechanical) system if you “connect” it. Even in case the RFID/tag reader and actuator are decent you still (want) to add it to HA were it becomes connected. Now let’s say you have a weak spot in your network (like a 0day in your router or simply using WPA2 without PMF on your AP’s) and third party get access - now not only to your network but also to your door

Adding more ways to open your door beside the key simply opens up more attack vendors for third parties to get entry

your right on that one.

however the chance of a random thug knowing about an unknown 0day or being able to hack into my custom environment, is probably quite rare.

how ever the probability of that specialist being interested in my house is WAY less than the guy who happens to know cheap Chinese door pads just need busting and reconnecting of 4 wires, to have an unhealthy interest in my house.

its like combing a master lock vs picking a lock with decent tolerances, spools and magnetic tumblers.

the combing can be done by any idiot with the right tool just as fast as using a key, and even so the thugs still try to gain entry mostly by braking stuff while

the other lock only can be picked by a seasoned craftsman.

So the chances of a seasoned specialist trying to gain entry, well probably speaking about a state actor, not a thug.

however, your point also has a weak spot. the pure mechanical isn’t safe anymore. a picture of a key is enough to print it, and with a decent printer, the probability of it working is really high nowadays.

And then we also talk nefarious actions. Kids going round and filling locks with super glue and stuff. Ruining your own front door to gain entry would kinda suck, now wouldn’t it?

Right, the random script kiddie knowing about WPA2 weaknesses doing some war driving on a bike might be more common. Personally I know plenty of people still using WPA2 at home and much to often without protected managed frame allowing any (kid or adult) access in a few minutes (as long at least one client is connected).

The reasons for this are diverse and ranging from old routers installed 15 years ago that ‘just work’ (not supporting WPA3 or PMF) or the most common: device xy stops working if I enable WPA3

Wow, maybe time to move?

By adding more ways to open (more attack vectors) you are not mitigating your mechanical vulnerability

well, we are between a rock and a hard place here, aren’t we.

I want more comfort, so I add a second way in, and therefore a probability multiplication regarding the vulnerabilities involved.

However i can try to make smart choices and avoid a plastic part hanging next to my lock that contains all the stuff to open said lock, or i don’t care and hang that thing and hope nobody knows… i would consider the second option to be a dump choice, when you got a home thats by design pretty safe, but i also would consider it adequate if its a drywall building that needs just one solid kick to get inside.

Well, i don’t own a drywall building, hence me searching for a better option fitting to the rest of my building.

And i never said i would like to have it integrated by WiFi with wpa2. yes we run wpa2, like so many others, but only for a bunch of devices, and hardened, they can talk to a single mqtt server from that WiFi, and to nothing else. and the client numbers on that WiFi keeps dropping as that cheap Chinese stuff keeps dying like flies. I lost like 25 nous tasmota WiFi plugs, nous did replaced em under warranty no issue, but i had a free choice, zigbee or WiFi, i went with zigbee.

anyhow, otherwise we just have the cells and tablets on wifi, wpa3 of course, anything else is cable, either copper or fibre.