Maintenance Window Infosec Blog

To content | To menu | To search

Wednesday 6 May 2015

The Open Organisation of Lockpickers Toronto Chapter Meetings


About TOOOL


TOOOL's mission statement from the toool.us website:

"The mission of the Open Organisation Of Lockpickers is to advance the general public knowledge about locks and lockpicking. By examining locks, safes, and other such hardware and by publicly discussing our findings we hope to strip away the mystery with which so many of these products are imbued.

The more that people know about lock technology, the better they are capable of understanding how and where certain weaknesses are present. This makes them well-equipped to participate in sportpicking endeavors and also helps them simply be better consumers in the marketplace, making decisions based on sound fact and research."

About the meetings


The Toronto chapter of TOOOL meets on the first Wednesday of every month from 7pm-9pm at Site3 Co-Laboratory. The meetings are open to all who wish to attend. We have practice locks as well as picks that you can use during the meetings if you don't have your own. If you're interested in learning to pick locks, learning more about locks in general, and discussing physical security then come on out to a meeting and check it out! Site3 Co-Laboratory is located at 718R Ossington Ave (in the alley behind the church, look for the red door). A map and location details are available at Site3's website.

Sunday 29 March 2015

Making Smart Locks Smarter (aka. Hacking the August Smart Lock)


By: Paul Lariviere & Stephen Hall

Introduction:


During a recent Security Compass ‘Hack Week’ we decided to take a look at smart locks in an attempt to assess the current state of Smart Lock Security. For our project we decided to take a look at the August Smart Lock. The August Smart Lock is an electronic locking mechanism that can be controlled from a mobile device. It supports Apple and Android platforms and allows the owner to grant access to other smart phones on either a temporary time limited, or permanent basis from anywhere as long as there is internet connectivity. The August Smart Lock is mounted on the back of almost any installed deadbolt replacing the existing thumb latch but leaving the rest of the lock in-tact. In our opinion this makes it a great solution for renters who already have high security locks installed as some of the other smart lock products require a full replacement of the deadbolt and provide only a basic lock cylinder.

There have been several articles written about Smart Locks lately, including this well thought-out piece by Schuyler Towne. We have not, however, seen any reports of thorough security testing carried out on these devices. In the few days we had to play with the August Smart Lock we were able to discover a series of vulnerabilities that would allow an attacker to add themselves as a Guest to any lock they were in range of, effectively giving an attacker the ability to unlock any lock they encounter.

Continue reading...