Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The line between software and hardware is hard to distinguish when we talk about ASICs and FPGAs, but they still should be responsible for core functionality (i.e. locks) as they shipped insecure software.


But why? Locks are working. They perfectly fulfill requirements for the lock. Open/close with a key, stay closed if tried to be opened without a key.

There is no such thing as secure lock. Any lock could be open without original key. The difference is in the amount of effort.

Still baffles me that KIA sold cars which can be driven away using screwdriver and USB cable.


> There is no such thing as secure lock.

These in fact do exist, but they have properties unsuitable for many use cases, such as taking 8-24 hours to open if you lose the key/combination or a mechanical fault occurs, and being part of a system so heavy the floor beneath them have to be constructed to support the weight. (A friend of mine was a master locksmith for many years and worked on such locks, mostly for government contracts.)

In case of a lockout often the easiest way to open them is a brute force attack using a device called an autodialer.


There are some locks that cannot be opened without the correct key. Abloy and BiLock are two examples.


I assure you, Abloy locks can be picked, e.g. https://youtu.be/oxfUmcMzx08




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: