Phone Home?

[Engineer]

This article caught my eye.

The idea of your phone needing web access sounds like it would require you to log-on with a password. I wonder if inserting and turning a key would be quicker in bad weather?

http://www.gizmag.com/the-schlage-link-remotely-controllable-door-lock/10793/

I actually wondered if it might be more secure and quicker if you could just call your door (speed dial) and it would open. The door would only open if the calling number was your phone number.

[Legion303]

The door would only open if the calling number was your phone number.

I think that would be a bad idea. CID spoofing is easier than ever these days.

-steve

[Engineer]

I know it can on landlines, but can that be done on mobiles/cell phones? If so, then it would certainly be a bad idea!

The door would only open if the calling number was your phone number.

I think that would be a bad idea. CID spoofing is easier than ever these days.

-steve

[unjust]

not familiar with z wave control, but really as we (well most of us) know there are easier ways to gain entry than monkeying with all that to worry abotu the security.

heck, proof of concept of takign a pic of keys being taken out to be put into the lock and generating a workable key from that is easy enough, why bother with all that when an old microwave can brick it?

[Legion303]

I know it can on landlines, but can that be done on mobiles/cell phones? If so, then it would certainly be a bad idea!

Cell towers still connect to POTS at some point, and unless they're using ANI now you can still spoof CID.

-steve

[Engineer]

They do, as they need to call POTS. I was thinking the lock itself would take "calls" via the cellular network, so the landline system would never be involved.

I know CID can be spoofed on them, but it takes equipment at cell phone provider level to do that. I don't know if it could be done at user level now though. I just thought it might be quicker, cheaper and more secure than having to use a phone with internet access, as then you are introducing all the security concerns around the internet itself? Even if it is SSLing.

Cell towers still connect to POTS at some point, and unless they're using ANI now you can still spoof CID.

-steve

[ridinplugspinnaz]

They do, as they need to call POTS. I was thinking the lock itself would take "calls" via the cellular network, so the landline system would never be involved.

I know CID can be spoofed on them, but it takes equipment at cell phone provider level to do that.

No it doesn't. I know someone that's running an Asterisk box + VoIP gateway. He wrote a small prank call program into his dialplan, part of which lets you spoof any originating number to the intended recipient. It works on the cell network too, since he gave me the demo over two cellphones.

[Engineer]

Thank you for the info, but you did cut my quote off where I said "unless it can be done at user level now though".

Many vending machines are now accepting payment through a call from a cell phone and debiting whatever is vended to the cell phone number, so I would hope they are not open to spoofing in the same way as that prank call program! Must have been fun to see though.

I know CID can be spoofed on them, but it takes equipment at cell phone provider level to do that.

No it doesn't. I know someone that's running an Asterisk box + VoIP gateway. He wrote a small prank call program into his dialplan, part of which lets you spoof any originating number to the intended recipient. It works on the cell network too, since he gave me the demo over two cellphones.[/quote]

[SnowyBoy]

Sounds like an utterly pointless & stupid idea.

Nothing will be as simple & versatile as a key. At least with a key the only risk it carries is getting copied..... but that rarely happens. Whereas phones get stolen all the time, and like was said, CID spoofing is so simple these days it wouldn't take much to follow someone home with the system.

[Engineer]

Phones are being stolen all the time here in the UK, which does make it seem like an unneccessary risk, as using internet access might also be.

If you do like the idea of using your phone as your key, what I had in mind was something like this:



Where mobile/cell phones are being used more and more as electronic payment systems. I see no reason why the same idea could not be used as a key for your door - Assuming you did want such a system in the first place. I personally would not, not even for the convenience of opening my front door from the car when it raining.

I am also a bit puzzled about all these postings about CID spoofing. Ridinplugspinnaz kindly told me about it being possible even on the mobile/cellular phone (which I didn't know about before), but I don't see how that would help you to get in, unless you knew the PIN to enter when you called the lock? I mean if you are going to shoulder surf me in my car as I phone my door, then you can just mug me anyway, or take a picture of my normal key and cut one from that.

[raimundo]

wrong number calls happen to every phone number, there must be more to it than I got from reading the posts, (not the links) perhaps you call, it answers and then you input a pin number.

Is that how it works?

[Engineer]

That's it exactly Raimundo.

wrong number calls happen to every phone number, there must be more to it than I got from reading the posts, (not the links) perhaps you call, it answers and then you input a pin number.

Is that how it works?

[SnowyBoy]

That's it exactly Raimundo.

wrong number calls happen to every phone number, there must be more to it than I got from reading the posts, (not the links) perhaps you call, it answers and then you input a pin number.

Is that how it works?

So just having a lock on the door you can enter a pin on would suffice surely? Why do security companies like complicating things?!

[Engineer]

SnowyBoy, you have hit the nail on the head there.

I thought it was reinventing the wheel at best, at worst, it struck me as unneccessarily complex and expensive.

You want a wireless method of opening your door, then the wireless section of a remote garage door opener (coupled to a suitable mechanism for opening a house door) would be simple, cheap and relatively inexpensive to make.

If you wanted a "digital door" then there are already many makers of keypads that fit on a door and you have to enter a PIN to get in, for example, Simplex is very well known in America for them.

If you want a door that can open by phone, then have one like my idea of a door lock that has a "phone" built in, you call your door and enter a PIN on your phone (like navagating through voicemail), but if it is the right PIN, the door opens.

You might even use Bluetooth connectivity on your phone to do it, but their method says you need Internet connectivity on your phone. To me, this seems to take much longer, cost more and is less secure than other methods. I have not used the system, but that is what it is sounding like from what I've read.

To me it seems to be a "fashion" choice. An unusual gadget for gadget lovers. Probably seems all very high-tech and secure to most people, but possibly not to the sort of people on here. Fun, rarther than very high-security?

That's it exactly Raimundo.

wrong number calls happen to every phone number, there must be more to it than I got from reading the posts, (not the links) perhaps you call, it answers and then you input a pin number.

Is that how it works?

So just having a lock on the door you can enter a pin on would suffice surely? Why do security companies like complicating things?!

[ridinplugspinnaz]

Thank you for the info, but you did cut my quote off where I said "unless it can be done at user level now though".

Many vending machines are now accepting payment through a call from a cell phone and debiting whatever is vended to the cell phone number, so I would hope they are not open to spoofing in the same way as that prank call program! Must have been fun to see though.

Sorry if my post sounded a bit snippy, it wasn't my intention. The reason I cut off the "at the user level" comment is because in all honesty, I'm not sure at what "level" the spoofing is actually happening, insofar as the network layers are concerned. I've seen in a real-world situation though that any end-user can easily get access to the hardware / software and necessary services to spoof an originating number, which makes this avenue of authentication a pretty poor one.