No Stupid Questions

Things might be different by now, but when I was researching this I decided on the Yale x Nest.

It's more secure than a keyed lock in the following ways:

• Can't be picked (no physical keyhole).
• Codes can be revoked or time-gated (for example, you can set the dog walker's code to work only at the time of day they're expected to come by).
• Guest codes can be set to provide real-time notifications when used.
• The lock keeps a detailed log of every time it's used.
• The lock can be set to automatically lock the door after a certain amount of time.

It's less secure than a physical traditional lock in the following ways:

• Compromise of a keycode isn't as obvious as losing a key, so you might not change a compromised keycode the same way you might change a lost key.
• People can theoretically see a code being punched in, or intercept compromised communications to use it.
• Compromised app or login could be used to assign new codes or remotely unlock

It's basically the same level of security in the following ways:

• The deadbolt can still be defeated with the same physical weaknesses that a typical deadbolt has: blunt force, cutting with a saw, etc.
• The windows and doors are probably just generally weak around your house, to where a determined burglar can get in no matter what lock you use.
• Works like normal without power or network connection (just can't be remotely unlocked or reprogrammed to add/revoke codes if not online)

Overall, I'd say it's more secure against real-world risk, where the weakest link tends to be the people you share your keys with.

Ask the lockpicking lawyer. He regularly opens them on YouTube. On the other hand, he opens about anything. But those "smart" locks usually have additional weaknesses.

They have a regular backup cylinder that has all the vulnerabilities of a regular lock.

On top of that they have a bunch of electronics that can be vulnerable.

I can't see how it would be possible for them to be more secure unless you're someone who leaves their keys around a lot and a smart lock would let you not have a key on you.

Thieves don't pick locks or hack them. You mostly want to protect against brute force.

Every one of the locks pictured have a traditional lock as a backup. Therefore, none of those smartlocks could ever be more secure. Even if the smart parts were 100% flawless, the lock will have all the weaknesses of a traditional door lock because one is included as a backup.

If you were to spend an equal cost on a lock, you will get more security from the traditional lock because all the budget can be spent on the lock instead of split between the lock and the electronics.

But how valuable is the security of the lock anyway? The weakest part of your home is the windows. If someone wanted to break into your house they can break your windows and climb through regardless what lock you have on the front door.

A smart lock with a keyhole is never going to be more secure than a standard key lock as it is a standard key lock. Now that being said if the door will let you know every time its opened you could possibly head something off

Any person that specializes in IT will know that most of these smart locks/security measures are bullshit and traditional methods are much better.

Definitely less secure, but way more convenient. Security for residential door locks doesn’t really matter that much though; thieves are unlikely to try to pick your lock or use some smart-device exploit to access your home - they’ll just smash a window.

A dog with a loud bark will always be more effective than any lock or security system. My border collie is a super lovable dog but her bark is designed to scare off wolves. It's sounds mean and scary. Truly one whose bark is worse than the bite. She hasn't ever bit a human but she pinned a pit bull that challenged her and gave him a bite to remember.

I feel sorry for my neighbor who has to repeat whatever phrase his smartlock accepts over and over while being locked out of his house.

I know smartlocks have had their share of vulerabilities. I remember 3 or 4 years ago hearing about things such as sending codes un-encrypted over wifi or basing their security on MAC addresses alone. Both are practically a 'key on top of the doormat' travesty. THis may have got better. I think the issue is that manufacturers jump at a market without having much knowledge of IT security. Similar to whats happening with the connectivity of cars. The fact that most peeps in IT security(ok, they might lean towards the paranoid) will not have a smart lock on their house is enough for me for the time being.

It depends on your threat vector. In the academic sense they're less secure but if you often loan out keys they're more secure because you don't have to give someone the key. If you often forget to lock the door they're more secure because you can do it remotely.

In my case, definitely more secure. If I'd given my kids a key, my ex was likely to copy it without my knowledge. With a code, I could tell them to go ahead and give him the code if he pressured them, then just change it.

And I still have a non-electronic deadbolt.

From what I've seen? Considerably less secure.

Many of them feature a normal pin-tumbler lock cylinder as a backup in case the electronics fail, and best case scenario it's going to be as mediocre as any old Kwikset hanging on the peg on the comedy aisle at Lowe's. So you're probably still vulnerable to key theft, key duplication, picking, combing, raking, jiggling, etc.

Then there's the electronics. A surprising number of them rely on either a solenoid to directly operate the latch/bolt, or a relay that energizes a motor to do the same, both of these are vulnerable to attacks by magnets. A stupid number of them are vulnerable to disassembly attacks. There are trace evidence attacks such as looking at the keypad and noticing where all the fingerprints are, there's just watching you dial the combination...

And the smart phone app driven ones...sure, let's send a signal that means "I just got home" across the internet. That sounds safe.

Researched a bit into this some time back and I was not convinced.

It would be nice to have a lock I could assign entry codes for different users and still have a physical key as an emergency backup but the obcession with these locks being tied to an app and/or internet discouraged me.

I stayed with purely mechanical locks with complex keys and secondary arms that make the task to break down a door much harder.

Don't know how it is in other countries but I've been to shops where I specifically asked for locks that would give a locksmith a bad time to pick and was shown a few models where the only way to break it was to put a whole cutter to it and cut out the entire drum.

So, disregarding physical brute force (because that lock bypass method will never change), let's say a smart lock today is functionally equivalent to a traditional lock in terms of security. How's that smart lock going to look in 5 years? In 10? When is the manufacturer going to abandon the product and stop providing security updates? It's only a matter of time before whatever firmware it shipped with becomes obsolete. And then it's just one more thing on the list of pwnd devices that unscrupulous actors can access at will. Your friendly neighborhood junkie in search of quick cash might not know the difference, but a list of people that have e-Lock v2.2 would be very lucrative to the types of people that run the current smash and grab operations.

Soft/firmware obsolescence is a thing with any "smart" device, but it becomes especially egregious when it's built into what are traditionally durable devices like appliances. And even more so when it's something embedded, like a lock, outlet, etc. It becomes "replace that light fixture, or leave that vulnerability on the network." A lock takes that from "someone can waltz into my home network" to "someone can waltz through my front door."

Anything with added complexity will have a larger attack surface and more failure modes.

If the door is made of cardboard as most us's one are u better get the cheapest one it won't make a difference.... look at an European door if u don't now what I mean...

Check the YouTube channel 'the lockpicking lawyer". He picks locks, both mechanical and electrical. His typical videos don't take more than 2-3 minute because that's all he needs to pick a lock multiple times. Electrical locks usually are opened with a paperclip or something similar. Wat too many locks are designed and built by idiots who have no idea about security