Kickstarter: Noke "no key" Bluetooth padlock

[mh]

https://www.kickstarter.com/projects/fu ... th-padlock

Not really a world's first in my opinion, but nice nonetheless.

From the locking mechanism point of view, it looks like a Master Lock dialSpeed.

[GWiens2001]

That would certainly prevent shimming. Hopefully it is fairly solid.

Gordon

[dll932]

I'm impressed. Looks like they covered all the bases.

[averagejoe]

I asked some questions and they stated it will have a 7 mm shackle and that the front and back plates will be around 2mm thick. I dont think that would prevent somebody with a hammer from causing serious damage.

The back battery cover is also threaded into place and is prevented from rotating by a piece of metal that sticks into the back cover when the shackle is locked. I asked about using a pipe wrench or something similar to just force it off and they didnt really have an answer for that.

[mh]

It's not a match for a large sledge hammer, long bolt cutters or other brute force.
But nice on a school or gym locker.

Just like the Master Lock dialSpeed, with maybe more water resistance.

[C-Horse]

So yes while this lock will prevent most bypasses and manual picking they left one door wide open. This is a hackers world, and this lock is a sitting duck. So like I said it may keep us out it won't keep out the Black Hats.

[FancyPants]

This is pretty interesting, but if I'm not missing something... If these locks become commonplace, what's stopping somebody from hanging around bike lockups, simply walking by and applying pressure to the shackle to unlock it (while you're still in range of it) the second you turn your back from the bike? He doesn't have to steal the bike at that moment, just make sure it's unlocked for when he returns in a minute. It takes only a moment, and it wouldn't be terribly difficult to target these locks. He'd have a cool lock, too .

[buddykiller]

So yes while this lock will prevent most bypasses and manual picking they left one door wide open. This is a hackers world, and this lock is a sitting duck. So like I said it may keep us out it won't keep out the Black Hats.

THIS!!!

i wouldn't trust this lock to protect anything i didn't want stolen. this is begging to be exploited! all anybody with any skill at all needs is the lock and the app, or hell even just one or the other depending on the way it works.

the folks of fuz designs are going to have a nightmare on their hands if this lock becomes very popular at all, kind of the like the kryponite of 2014.

[mh]

I don't think so. The app will most likely have a secret key that's different for each lock.
Just like online banking.

If the attacker manages to break into users' phones to steal that key, they could also break into their online bank accounts. So yes, electronic devices may be broken into, but that is not necessarily the fault of the lock designer.

Cheers
mh

[buddykiller]

I don't think so. The app will most likely have a secret key that's different for each lock.
Just like online banking.

If the attacker manages to break into users' phones to steal that key, they could also break into their online bank accounts. So yes, electronic devices may be broken into, but that is not necessarily the fault of the lock designer.

Cheers
mh

nothing is unhackable.

i wasn't even talking about using the actual user's phone, i'm talking more along the lines of buying one of the locks and seeing how exactly the app opens the lock, cracking the app open to peek at the source to check for holes, and checking the lock's electronic hardware for a possible exploit. all it takes is for a black hat to find the exploit before the white hats and sell it on the open market or a gray hat to leak it.

while possibly not the lock designer's fault (i mean they could be sloppy coders, yaneverknow) it'd still be a bleeding nightmare for them if they've sold a few million units and have a 0day get found by the wrong person. from my experience, relying solely on something like a bluetooth connection for security is a major no no.

[Legion303]

The Noke feels really poorly made, and it took me longer to remove it from its packaging than it did to open it without a code or phone. Writeup will be hitting advanced when I get around to it. Checking the app next, but that will take way more time since I don't really care...

[LocksportSouth]

This sounds really interesting, from a vulnerability exploit standpoint. I'd love to see the reverse engineered code for one of these... I'm betting there's a massive security hole in there somewhere, there always is with these things.

Legion - that's really cool that you've gotten a chance to poke at it. Sucks that I'm still a month or so off of being able to even apply for Advanced . Can you give some kind of summery of the weakness you found without going into any detail? Or would there be no way of summing it up without breaking Advanced rules?

[averagejoe]

The Noke feels really poorly made, and it took me longer to remove it from its packaging than it did to open it without a code or phone. Writeup will be hitting advanced when I get around to it. Checking the app next, but that will take way more time since I don't really care...

I was really tempted to get in on it but after pointing out several security concerns both publicly and privately and having them blow me off I said screw it. I will be looking forward to seeing just what they finally ended up with.

[mh]

The Noke feels really poorly made, and it took me longer to remove it from its packaging than it did to open it without a code or phone.

Interesting, maybe you can start with just a few lines, adding the pictures later...
From looking at an intermediate prototype, I wasn't really impressed by the concept either, with just one side locking.

Cheers
mh

[MacGyver101]

I was hoping to have a chance to poke at one over the holidays... but am apparently still a few weeks back in their shipping queue.

Sounds like the physical locking mechanism may be fully dissected before mine gets here; I'll have to pull apart the Bluetooth LE signalling and see how well they did on the electronic side of things.