• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

High-Tech Lock, Low-Tech Security

October 24, 2018 By Trevor Collins

Last week, BoxLock showed off their high-tech security lock that includes a bar code scanner on the ABC show Shark Tank. The lock was designed for applications where you would want to allow third party access to the protected area. For example, a delivery driver can open the lock by scanning a package bar code, and the lock would take care of marking the package as delivered. A device like this is useful to protect packages that are left on your front porch from theft. The implementation of this lock wasn’t enough to get one of the sharks to invest though. Additionally, the lock itself was not as secure as it should be.

While a network security specialists would look at vulnerabilities on the wireless communication to see if there are any unauthenticated commands that could be sent or spoofed, a lock specialists, such as the LockPickingLawyer, would look at the physical security of the lock. This particular lock that made it onto national TV had a little flaw the LockPickingLawyer recently posted a video showing that a screwdriver could disassemble the lock. This isn’t the first or even second time a screwdriver was able to compromise a network-connected lock device. In the case of the BoxLock, he removes two screws from the bottom of the lock before pulling the lock apart with his hands in just seconds. Next he removes 4 more screws to defeat the locking mechanism. As he points out in the video, the record for tech companies creating a physical lock of quality is very poor.

As we continue to digitize many of our devices, we cannot forget about physical security. In many cases, once someone gains physical access to a device, they can bypass all passwords and security. For example, they might copy the configuration from the device through serial access, edit it and re-apply it.

Except for high-quality commercial security systems that can be expensive and out of the reach of small businesses, the old fashioned lock and key is likely the best option for physical security for the time being.

Share This:

Related

Filed Under: Editorial Articles Tagged With: Infosec news

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
  • TikTok is Banned, Kind Of
  • How Not to Update Software

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • How Not to Update Software
  • Naming APTs
  • TikTok is Banned, Kind Of
  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use