80 comments

[ 0.71 ms ] story [ 110 ms ] thread
> What I like about this lock is that ... But, most importantly, it can be locked/unlocked with a tap in Home Assistant.

This is the line I am not willing to cross.

Do I believe that the security of Home Assistant and the plugins that surface this to web/mobile interfaces is such that I'd risk the physical security of my home and possessions to it?

I love the Pi doorbell project, and could eventually be onboard with a home security company producing a smart lock I would consider... but enabling a lock via Home Assistant to grant access to the house, disable alarms, etc (assuming HA scripts like "when the door is unlocked disable alarm to prevent false positive", etc)... I suspect my insurance company would consider this an act of me leaving the door open and granting access to people who later stole stuff and that they wouldn't pay out.

The thought of - if the 'bad guys' get access to a single machine, they can potentially control every security related device in my house makes me very anxious.
I don't know about your average bad guy, but here in France they smash your window with a rock found nearby then take everything they can in 5 minutes.
If you ever have the opportunity try to smash a modern double-glazed window with a rock. Stand well back though because the rock will just bounce back at you.
Large parts of Minneapolis beg to differ.
You just need to be slightly smarter than the average opportunistic thief. Hit the glass very hard in the corner where it is held most firmly so that you get a large force distributed over a small area, that is the largest stress. The same thing goes for smashing a car window. I have a small spring loaded device on my keyring for exactly this purpose [1].

A slightly smarter thief might carry a hammer specifically designed to break double glazing [2]. Mind you carrying that in the UK could count as 'going equipped' if you don't have a plausible excuse.

Otherwise just use a heavy pointed rock in the corner of the window.

But of course most burglars don't break windows, they take advantage of open windows, doors than can be forced, sliding doors that can simply be lifted out of the track, and other flaws in building security.

[1] Like this: https://www.smartasaker.no/no/artiklar/resqme-belteskjarer-a... [2] For instance: https://www.amazon.co.uk/dp/B00EFZC62Q

What I've noticed is that in France most people, including in flats, have extremely strong and secure doors and locks while here in the UK most people have simple doors with simple barrel locks.

It seems massively easier to break into a home this side of the channel.

In my area they learn your schedule, break in through the back door with a crowbar while you're walking the dog, and have a friend pull a moving van into your driveway. At least that's what one very successful group did a while back before they got themselves caught.
A) what bad guys? Best to try to be specific when you’re threat modeling.

B) Does your home have easier ingress methods that don’t require finding the server, hacking into it, and hitting the correct button? For example, a first floor window?

(comment deleted)
B) being true doesn't make the cautiousness around home smart device security less important. Do you want to elaborate on where you were planning to go on this?
I guess my point is to be realistic with your threat modeling. Sure don’t advertise the wifi password that grants access to your smart lock, but also realize that the vast majority of crime is that of opportunity. Unless you think you are being targeted by sophisticated people who want more than your cash and tv, worrying about the security of your IoT devices is probably misplaced.
I agree that most crime is crime of opportunity. I'd categorise automated bots sniffing for open ipcams, or other devices as that too. I consider my privacy is as valuable as my possessions :)
Yeah... great idea to hang just such a machine with credentials on an SD card in a plastic box outside your front door.

I need a video doorbell with my own remote storage. but the camera sensor part and the button needs to be the only thing on the untrusted side of the door.

I’d probably trust HASS more than most of the alternatives. I was looking the other night and it’s basically Samsung or brand names I’ve never heard of before.
Not immediately obvious to me whether such a thing is more or less secure than your typical consumer door lock for whatever threat model you are concerned about.
For neighborhood burglars who pick on you for conventional reasons, it will reduce security by an infinitesimal amount because they probably won't think "oh a smart lock, let's hack that for a quieter entry."

For hackers anywhere who don't mind traveling, perhaps a few would think "hey we already got the door unlocked, maybe we can burgle the place, too."

Far fetched, but who knows.

The thread model as stated is "the insurance company notices there is something nonstandard about the lock and denies all claims."
Does anybody actually expose their Home Assistant installation directly on the Internet these days? Just use WireGuard!
This. And if someone has full access to my internal network, then I've got bigger problems than my TV being stolen.
This is a really interesting view.

If someone has broken into my home, I have much bigger problems than if they've managed to break into my wifi or VPN gateway from the internet.

He probably has a cache of Bitcoins
I think the idea was that if an attacker sophisticated enough to overcome your reasonable defenses protecting your local network and potentially hack your Home Assistant installation or whatever else, then they're probably sophisticated enough to do something much more damaging in the long term than unlock your front door and steal your TV or whatever—eg hack your laptop/NAS/etc and clear out your bank account or steal your identity or similar.

Though I just realized that I'm privileged enough to live in an area with a low violent crime rate, so physical violence isn't part of my threat model... if someone has broken into your home and you are home at the same time, you're right, the security of your local network is probably the least of your concerns.

Nginx proxy exposed on ports 80 and 443, passing requests to HA running internally. What is wrong with that?
You're exposing it directly to the internet. It's an attack vector because it's accessible. If a vulnerability is found in HA, you can be hacked.

The secure solution is to not allow remote access and use a VPN to connect to your local network (such as WireGuard) as the commenter you replied to suggested.

If you're depending on HA's built-in auth, you're at risk of bugs in that code.

If you throw up HTTP basic auth on your HTTPS front end, you've now moved your risk away from bugs in HA's code, to bugs in nginx's (or whatever HTTP server you use) implementation of HTTP basic auth AND bugs in HA's code (odds of this being a real event just got smaller)

If you throw a VPN in front of all that as well, you've now moved your risk away from bugs in nginx's code, to bugs in your VPN implementation AND bugs in nginx's code AND bugs in HA's code (odds are now really small).

This is also known as defence in depth.

I realize that but if you don't, then HA won't be accessible to you if you are somewhere where WireGuard is not possible. Does HA have an exceptionally bad security record? I think one just needs to define one's own acceptance criteria.
Hence the suggestion of at least throw up a second level of HTTP basic auth from nginx in front.

> HA won't be accessible to you if you are somewhere where WireGuard is not possible

At that point, you also really want OTP (along with nginx HTTP basic auth), as if you're connecting from a device you don't control, it's not a bad plan to assume a keylogger may be operational.

Can you help me understand a situation where you have to get into your HA instance, and none of your own personal devices are able to get online?

EDIT:

> Does HA have an exceptionally bad security record?

Is a lack of regular security fixes needed evidence of good code, or due to lack of inspection / identification of vulnerabilities? HTTP basic auth is like a seat belt. It's a minor inconvenience that adds a layer of security. I haven't had a car crash, nor has my infra been exploited to the best of my knowledge. I still use both HTTP basic auth and seat belts every day.

How does WiredGuard work?

Would I install it on the Raspberry PI I have Home Assistant on? And they how would I remote into it over the internet?

Install it on a machine in your network, it doesn’t have to be the same one HA is on.

Once I had seen how you add a client (correct word?) to the VPN via the ssh QR code thing, my mind was a little blown and I very much felt I was in the future.

Then you use the app on phone or laptop to connect to your home lan.

It all runs in Docker, and a mini warning - the internal networking of the WG install was a little finicky for this first timer.

Wireguard listens on UDP. So on regular home network with NAT you'd port forward it's UDP port from your router to which ever device is running it. This could indeed be the same Raspberry Pi.

The main points are:

Wireguard uses fairly strong and trusted encryption; this is basically shown by the fact it managed to be mainlined. It's basically foolproof, you don't have a myriad of options to choose from that can lead to insecure configuration.

It's faster than OpenVPN and less complicated then IPSec. It's easy to tunnel all traffic or just a subset through the VPN. It should deal with roaming IP addresses fairly well (so works on a train as well as your net will).

Basically, if the only open port from the internet to your LAN is wireguard, you're probably not going to be breached by someone coming in the front door.

Obviously, if you open a cat.jpeg.exe when on you're network, your inbound firewall security is no longer going to be helping you, however there are also ways around this. I.E. you could segregate your desktop and phones from the main network, etc. But then a rouge IOT device that does need to connect to your homeassistant could cause problems, and you probably want some access too, so you probably want to setup some kind of auth...

Yeah, I guess it can get convoluted if you're not happy with some risk / work...

In terms of security, thinking that your door lock will protect you is not a good strategy. There are many ways in which your door lock can be opened or broken. If it is a house, there are many other alternatives, like breaking through a window. I don't think that this smart lock, if well configured, makes you any more less secure.
If someone has to break a window to get in, you've got clear evidence of a break in. Insurance will be easier, the police will take you more seriously. It also deters casual thieves who might try the door. Sure, any lock is more deterrent than a fortress, but that doesn't mean you shouldn't bother.
I think the difference the OP is pointing out is that, insurance can look at a broken door or a broken window and say "yep, this is where the person entered the property." Whereas they'll look at a home-built door lock that was hacked/bypassed and deny any claim, on the basis it "wasn't secure enough" - similar in vein to just leaving your front door unlocked, you won't get any sort of payout
I think @pqs' point is a valid one though: circumventing a home lock by compromising a home automation system's security is surely a higher bar for thief to overcome than breaking through a window, so it's a bit funny for the former to be categorized as a failure on the part of the homeowner, while nobody is expecting everyone to install bulletproof metal shutters.
Sure, breaking a window is easier, but that triggers an alarm and arms the home defense system.

If, OTOH, the thief subverts the home automation system, not only can they open the door and disable the cameras, they can instruct the system to pipe the anti-intruder knockout gas into the biolab/hackerspace where you are burning the midlight oil, working on your revolutionary chimpanzee/cheetah hybrid pizza delivery servant. The thief is then able sneak in undetected and steal your zygotes and tissue samples. Worst-case scenario, they'll take a kidney as well. Yours, I mean.

This is why it's so important to have physical safeguards in place, like the mechanical stops that keep the home defense cannon in the foyer from being aimed away from the front door.

And obviously bulletproof metal shutters.

"You only need a lock that looks better than your neighbours".

If you take your average thief, they will walk past your house and if it looks like it's worth breaking in they will do this, or go to the next house that looks easier or more promising. They won't even notice your custom smart lock solution and think it might be hackable (unless it's a common brand with a generic explain available, think of scriptkiddy hacking skill requirement). They will go for the easiest thing, like a open window, or break a small window to open the door from the inside.

Now if you have a dedicated thief that wants to rob you specifically, they might want to invest into hacking your lock. But only if the rest of your house is already a fortress, or covertness is really key. But if they really want something they might just take an axe to your door and threaten you to open your vault.

"If you need strong security, then there must be something valuable to protect."

If you take your average thief, they will walk past your house and if looks like an wide open door, then he knows there is not much to get and will walk past next to a bit better protected door.

> then he knows there is not much to get and will walk past next to a bit better protected door.

In parts of South Africa there has been a continual levelling up of security systems in neighbourhoods where crime can involve fatal assaults in your own home as well as casual burglary. As soon as one resident installs something that seems to add security, the neighbours may rush to install it themselves so that they aren't seen as the softest target. This is in places where many houses have signs saying that they are protected by armed rapid response teams.

Source: expat friends of mine who lived for ten years in communities that went from 'normal' houses (locks), protected properties (e.g. sharps on walls), gated communities, high-protection gated communities.

[Edit - clarity]

In our home in a Southern Indian state, we have multiple locks, glass shards on the compound walls, a regular police patrol every 2 hours in the night and a watchman for the entire community. We're currently in the process of getting a new security camera system and some of our neighbours have gone as far as to get fingerprint enabled locks. But all that doesn't stop us from falling victim to petty theft, largely by hired help. A former maid was caught stealing cutlery (not even silverware), another one caught stealing a bunch of forex, and yet another stealing a bunch of cosmetics. Calling a repair person means watching over him while he works so as to ensure that he doesn't pilfer parts away - imagine having a few screws stolen here and there from your cupboard, or your bolt lock being stolen. It's funny in a way I guess.

Some folks, like one of my wealthier uncles, even hires Gurkhas with khukris and guns to guard their house. But his house is right on the highway, so some caution might be adequate.

I have a connected security and fire alarm system, but I got it mostly for the fire alarm system now that I have kids. For it to be a security system is only an added bonus for me.
That's not how any insurance I am aware of works. Leaving your door unlocked does not void your homeowners insurance.
> There are many ways in which your door lock can be opened or broken.

I once locked myself out of the house and called a locksmith to let me back in. He didn't even touch the lock, he just reached through the letterbox with a lever and operated the handle from the inside. I felt a bit stupid paying him to do it really, because I could totally have done that myself if only I'd thought of the idea, but of course that's easy to say once you've seen how it's done.

Same happened to me and the locksmith just used a piece of strong plastic sheet (like credit cards in the movies) between the door and the door frame to open the latch bolt. It took about 2 minutes...

And once it also happened (I know...) with a secure door and lock, and although the locksmith had to break the lock he managed in under 10 minutes.

My conclusion is that residential doors and locks, even secure, expensive ones, are no match for professionals. They protect against opportunity theft and idiots.

I love watching the lock picking lawyer on YouTube and how easily most locks are defeated. When I was like 16 we were interested in lock picking simply for the challenge. It didn’t take long with some filed down and bent mini flat head screw drivers from the dollar store and me and my teen friends learned to open pad locks. We had no skill just mostly raked across the pins and a lot of locks that is all it takes. It quickly made me realize locks are mostly for honest people.
The "state of the art" in residential door locks in the US is also rather poor, to the extent that only a modest skill level is required to defeat them. I'm not sure why it is that European homes and businesses usually employ much higher quality locks, I suspect just that burglary via lockpicking is more common in Europe, but it can be difficult to get a high-quality residential lock in the US if you want one without paying exorbitant fees to a locksmith for a commercial contract.

All this said, FBI statistics on theft show that lockpicking (I believe all lock bypass methods are included in this count) is fairly rare at only a percent or so of burglaries. Up to maybe 3% if you generously assume that cases where 'doors and windows were locked, entry method unknown' were all a lock bypass. They don't break out doors vs. windows, and my suspicion is that windows are actually a large portion here because many older residential windows (and even newer ones) have pretty defective locking schemes. It is more common for the burglar to simply have a key (they don't drill in on why the burglar has a key, perhaps a hidden spare or someone known to the victim).

So in a way all security concerns around smart locks are probably somewhat moot, even with them having a somewhat poor track record for secure design. It's more useful to think about this in defense-in-depth terms, and that's where my concern about too much HA involvement comes in. An HA system, from one perspective, would ideally form a unified control point for all security devices in the home. The problem is that, for one attack vector, this reduces the "layers" of defensive measures to only one: access to the HA platform.

A situation where a burglar could potentially gain access to your HA and simply unlock the door and disarm the alarm is much more concerning than having a lock and an alarm which are independently controlled. Beyond this, for home insurers to consider an alarm as contributing to security it needs a UL certificate, and while I have not thoroughly researched this, I get the impression that the UL certification scheme is generally hostile to having alarms that are "too extensible," because it introduces a large number of new potential bypasses as well as reliability issues (this may also be an issue with your police department's false alarm program).

All of this said, if you do have a burglar alarm, having a private security company respond is not a bad idea. There are often security companies that will do this "for free," only charging you if/when they actually respond to an alarm. They will generally arrive before police and because they are being paid for their time they are often more attentive, and will do things like guarding the home until you return if a door or window has been forced and is now insecure. Their written report can also be very helpful when you go to the police and insurance.

My risk vector isn't someone breaking in.

It's whether insurance pay out.

I agree with you on the 'door lock will offer protection'. The vast majority of break-ins are actually climb-ins through an open window (forced or not), or by smashing a door window. Once you have a decent lock installed thieves will find another way to enter your house.

Some of these smart locks however turn out to have MASSIVE exploits (sending out unencrypted bluetooth addresses for instance). Sure, you could research and pick a lock from a wellknown brand with proven security. The downside to software security is that there is a possibility that a hack can be developed in the future. With an old-fashioned key, the risks are pretty well known.

I'm a big fan of home automation (Home Assistant user here). I'm rather proud of my setup where I can measure, control and secure my entire house. But I'm not using smart locks. Their use cases are, in my case, very limited (I've never encountered a situation where I thought 'darnit, I wish I could open that door without a key') and therefore not worth the extra risk.

Unencrypted Bluetooth is the least of the problems with "smart" locks. All too often, a simple permanent magnet is all that's needed to pop the relay that controls the lock's solenoid.

Obligatory LockPickingLawyer: https://youtu.be/XXW27KKHtc8

Isn't that only possible if the relay is stupidly placed on the outside? All of the control should happen on the other side of the door, with the entry device simply feeding the input over.
With a local installation I see no problem. It gets weird if your internet fails and you door doesn't open anymore.

That said, you are probably right about insurance if you installed anything yourself without mechanisms to ensure the door is closed in all failure cases.

edit: That other insurance might be less happy with that in case of fire emergencies of course.

IoT is not about creating doorbell from raspberry pi and then writing a blog post about it. It's about creating new monetization channels where there were none before.
That’s exactly why he picked a steampunk theme, it makes the product attractive, all from the get-go.
I mean, slap on a nice website, logo, some nice packaging and branding and boom you’ve got a product that you can sell.

Ahem nest.

It's not DIY but CIY - Cobble it yourself. I wish we could see some more ambitious projects, but whenever I see a post with RPi, pretty much always, someone connected something to it and that's it. Where is PCB design, where is soldering, where is programming, where is 3D printing?
Also, is this the best application for an RPi? It reminds me of the electronics magazines of the 80s, which always had projects for better thermostats which nobody really cared about.
I mean, what would you prefer, that he didn't make it? If you want better applications, I'm sincerely looking forward to seeing what you make.
I just finished building an alarm clock for my daughter. I didn’t yet build my own PCB but maybe that be a future iteration. https://youtu.be/r2SdpJf9KkA
This is very neatly done and i'm in deep admiration of the quality. When i tried this back in 2011 with the GPIO pins on a Linksys WRT54G, the three biggest challenges were:

    1. Securing the device - which in practice meant all my hardware had to be mounted inside the property of the back of the front door
    2. power supply - i battled with voltage sag due to the crap thin wires i used and the long run from the plug socket
    3. The video resolution was terrible, to the point of not being useful at all
It's interesting to me that in almost 10 years, only #3 is really "solved". 2 is arguably solved given the cheap high capacity lithium batteries available.

My attempt back in 2011:

https://postimg.cc/hfhyWGXZ

https://postimg.cc/R6Rs961y

Linksys WRT54G, I broke out the GPIO pins to service a microswitch on the letterbox and the doorbell button. A cheap USB "spy cam" from ebay with a resolution of around 20px x 20px. It looked horrendous despite my best efforts to mount it neatly.

OpenCV existed at the time but wasn't available on this platform. Instead i read from /dev/video, converted the image to greyscale, then comparing pixel by pixel the luminosity vs. the previous saved file. If the cumulative value crosses a certain +ve or -ve threshold it treats it as motion detected - which turned out a terrible approach in practice :-)

> i battled with voltage sag due to the crap thin wires

Use 12V wall wart and a small 12V to 5V converter by the Pi.

I've found great use of these little ones:

https://www.aliexpress.com/item/4001296827182.html

Ahh the linksys was a 12v device, the wall wart i had was unregulated and the wires were rubbish.

The little stripboard daughter board in the pics is hosting an LM7805 to power the usb webcam thing because the wrt54g usb port itself was a bit of a hack https://wiki.dd-wrt.com/wiki/index.php/USB_mod_WRT54

Ah yeah I was thinking about the article solution. If you need 12V at the device, I'd use a ~18-24V wall wart, laptop supply or similar with a DC-DC converter.

The LM7805 works fine for low currents, but being a linear regulator wastes a lot of power which gets turned into heat once the current goes above 100mA or so.

Author of the blog here. Thanks for posting. Feel free to drop me a line on the site if you want to chat about the project(s).
Noce project. How do you get around the fact that the SD cards often die? Every pi I've left running as a 24/7 has died weka to months later.
Regarding smart-locks, I don’t want remote (un)locking but I really would like to know whether the doors are actually locked - for peace of mind going to bed, or when driving off from home.
That's a good idea, a lock that can remotely lock but not unlock. I mean physically, it can turn the lock right but not left.
You could, youknow, just check the door when you leave/go to bed?
Are there any commercial smart doorbells that don't require the cloud?
Ubiquiti has a doorbell in their UniFi range. No cloud required. Not that interesting unless you're looking to use the other UniFi products as well though, as it's a bit of an investment to get into that ecosystem.
Is anybody else confused by the market need to make everything an IoT device?

Besides lighting and heating and cooling appliances, the use cases for a smart fridge, oven, or microwave make no sense to me.

I'd like a smart oven.

It would be great to be able to throw a prepared casserole in the oven, go to the park with my kids, and then turn the oven on when we're about ready to head home so dinner's basically waiting for us when we get back.

Currently if I want to take the kids to the park before dinner I end up choosing between leaving earlier so there's time to make dinner, getting take out on the way home, or doing something super fast and low effort when we get back. Sometimes I use a slow cooker which provides some sort of solution but limits the type of dishes I can make.

Does it contain a "fire starter" like one famous vendor?