Are smart door locks more or less secure than traditional door locks?

Less. Look at any Lockpicking Lawyer video on YouTube as he demonstrates in real time how bad they are. Most of his videos are under 5 min

If you want to really turn yourself off smart locks check out any DefCon talk about smart locks or "smart" devices in general.

If there is no keyhole to pick then it is probably marginally more secure, but if a burglar wants to get into your home then no door lock is going to stop them. They could just break it or break your windows.

Against what sort of attack? Who's the attacker? What capabilities do they have? What do they want?

There's a saying, "locks are to keep your friends out." If someone really means you harm, a lock is not going to keep them out: they can smash a window, break down the door, or hit you with a rubber hose until you give them your keys or passwords. This applies no matter what kind of lock you have.

But a lock represents a social barrier: everyone knows that trying to defeat someone else's lock is a hostile act. The law recognizes this in many places: breaking-and-entering is a more severe crime than trespassing.

A lock may slow down an attacker. It may redirect an attacker to go after your neighbor's stuff instead of your stuff — but not if everyone has locks.

A password lock has some advantages over a key lock. You don't have to issue physical keys to everyone you want to allow in. Many allow you to create and revoke passwords separately — so you can grant a friend access to your house while you're away, and then revoke it when they no longer need it.

However, a password lock also has some disadvantages. If you give a password to one person, that person can easily give it to everyone. That's a lot harder with a physical key, because they'd have to go make a lot of copies of that key — which, if nothing else, costs money and time.

A computerized lock can create an audit trail: it can record when it was opened, and even which credentials (passwords, keys, ...) were used to unlock it.

Any lock can have vulnerabilities — most common key locks can be picked; computerized locks can be attacked through their computer hardware or software.

They have a regular backup cylinder that has all the vulnerabilities of a regular lock.

On top of that they have a bunch of electronics that can be vulnerable.

I can't see how it would be possible for them to be more secure unless you're someone who leaves their keys around a lot and a smart lock would let you not have a key on you.

Thieves don't pick locks or hack them. You mostly want to protect against brute force.

Anything with added complexity will have a larger attack surface and more failure modes.

Things might be different by now, but when I was researching this I decided on the Yale x Nest.

It's more secure than a keyed lock in the following ways:

• Can't be picked (no physical keyhole).
• Codes can be revoked or time-gated (for example, you can set the dog walker's code to work only at the time of day they're expected to come by).
• Guest codes can be set to provide real-time notifications when used.
• The lock keeps a detailed log of every time it's used.
• The lock can be set to automatically lock the door after a certain amount of time.

It's less secure than a physical traditional lock in the following ways:

• Compromise of a keycode isn't as obvious as losing a key, so you might not change a compromised keycode the same way you might change a lost key.
• People can theoretically see a code being punched in, or intercept compromised communications to use it.
• Compromised app or login could be used to assign new codes or remotely unlock

It's basically the same level of security in the following ways:

• The deadbolt can still be defeated with the same physical weaknesses that a typical deadbolt has: blunt force, cutting with a saw, etc.
• The windows and doors are probably just generally weak around your house, to where a determined burglar can get in no matter what lock you use.
• Works like normal without power or network connection (just can't be remotely unlocked or reprogrammed to add/revoke codes if not online)

Overall, I'd say it's more secure against real-world risk, where the weakest link tends to be the people you share your keys with.

Ask the lockpicking lawyer. He regularly opens them on YouTube. On the other hand, he opens about anything. But those "smart" locks usually have additional weaknesses.

Every one of the locks pictured have a traditional lock as a backup. Therefore, none of those smartlocks could ever be more secure. Even if the smart parts were 100% flawless, the lock will have all the weaknesses of a traditional door lock because one is included as a backup.

If you were to spend an equal cost on a lock, you will get more security from the traditional lock because all the budget can be spent on the lock instead of split between the lock and the electronics.

But how valuable is the security of the lock anyway? The weakest part of your home is the windows. If someone wanted to break into your house they can break your windows and climb through regardless what lock you have on the front door.

A smart lock with a keyhole is never going to be more secure than a standard key lock as it is a standard key lock. Now that being said if the door will let you know every time its opened you could possibly head something off

Far too many smart locks that are connected to a deadbolt use an actuator which can be tripped with a powerful magnet. No way would I trust them.

The LPL would have had to test them for me to trust them.

Any person that specializes in IT will know that most of these smart locks/security measures are bullshit and traditional methods are much better.

I know smartlocks have had their share of vulerabilities. I remember 3 or 4 years ago hearing about things such as sending codes un-encrypted over wifi or basing their security on MAC addresses alone. Both are practically a 'key on top of the doormat' travesty. THis may have got better. I think the issue is that manufacturers jump at a market without having much knowledge of IT security. Similar to whats happening with the connectivity of cars. The fact that most peeps in IT security(ok, they might lean towards the paranoid) will not have a smart lock on their house is enough for me for the time being.

Definitely less secure, but way more convenient. Security for residential door locks doesn’t really matter that much though; thieves are unlikely to try to pick your lock or use some smart-device exploit to access your home - they’ll just smash a window.

A dog with a loud bark will always be more effective than any lock or security system. My border collie is a super lovable dog but her bark is designed to scare off wolves. It's sounds mean and scary. Truly one whose bark is worse than the bite. She hasn't ever bit a human but she pinned a pit bull that challenged her and gave him a bite to remember.

I pick locks as a hobby. Your door lock is almost never the point of attack. It's way easier to break the door or windows. Only time picking would be useful is if you need to conceal that you've entered, which burglars don't typically care about.

I feel sorry for my neighbor who has to repeat whatever phrase his smartlock accepts over and over while being locked out of his house.

So, disregarding physical brute force (because that lock bypass method will never change), let's say a smart lock today is functionally equivalent to a traditional lock in terms of security. How's that smart lock going to look in 5 years? In 10? When is the manufacturer going to abandon the product and stop providing security updates? It's only a matter of time before whatever firmware it shipped with becomes obsolete. And then it's just one more thing on the list of pwnd devices that unscrupulous actors can access at will. Your friendly neighborhood junkie in search of quick cash might not know the difference, but a list of people that have e-Lock v2.2 would be very lucrative to the types of people that run the current smash and grab operations.

Soft/firmware obsolescence is a thing with any "smart" device, but it becomes especially egregious when it's built into what are traditionally durable devices like appliances. And even more so when it's something embedded, like a lock, outlet, etc. It becomes "replace that light fixture, or leave that vulnerability on the network." A lock takes that from "someone can waltz into my home network" to "someone can waltz through my front door."

if someone wants in, a lock wont even slow them down. check out lock-picking lawyer

It depends on your threat vector. In the academic sense they're less secure but if you often loan out keys they're more secure because you don't have to give someone the key. If you often forget to lock the door they're more secure because you can do it remotely.

"The weakest part of the door is the window (next to it)"
"You don't need a key when you have a brick"

In my case, definitely more secure. If I'd given my kids a key, my ex was likely to copy it without my knowledge. With a code, I could tell them to go ahead and give him the code if he pressured them, then just change it.

And I still have a non-electronic deadbolt.

From what I've seen? Considerably less secure.

Many of them feature a normal pin-tumbler lock cylinder as a backup in case the electronics fail, and best case scenario it's going to be as mediocre as any old Kwikset hanging on the peg on the comedy aisle at Lowe's. So you're probably still vulnerable to key theft, key duplication, picking, combing, raking, jiggling, etc.

Then there's the electronics. A surprising number of them rely on either a solenoid to directly operate the latch/bolt, or a relay that energizes a motor to do the same, both of these are vulnerable to attacks by magnets. A stupid number of them are vulnerable to disassembly attacks. There are trace evidence attacks such as looking at the keypad and noticing where all the fingerprints are, there's just watching you dial the combination...

And the smart phone app driven ones...sure, let's send a signal that means "I just got home" across the internet. That sounds safe.

Researched a bit into this some time back and I was not convinced.

It would be nice to have a lock I could assign entry codes for different users and still have a physical key as an emergency backup but the obcession with these locks being tied to an app and/or internet discouraged me.

I stayed with purely mechanical locks with complex keys and secondary arms that make the task to break down a door much harder.

Don't know how it is in other countries but I've been to shops where I specifically asked for locks that would give a locksmith a bad time to pick and was shown a few models where the only way to break it was to put a whole cutter to it and cut out the entire drum.

Permanently Deleted

One thing people aren’t considering is that if we assume that it’s relatively trivial to bypass either a classic lock or a smart lock, only one of the two is likely to give your phone a notification that it’s been opened in your absence.

I have a smart lock and tbh hate it. I’m not sure the security difference, but it’s more inconvenient than a key, takes longer, needs me to pull out my phone, open an app and then I can unlock my front door.

Unfortunately getting away from them in moderately upscale apartments is getting harder and harder.

It's important to remember that no lock is entirely unpickable. It's just a matter of time, skill, tools, and know-how. Generally speaking, if someone is willing to pick a lock, they will be able to pick your lock eventually.

But arguably even more importantly, most people do not possess the skill, tools or know-how to pick a lock and will not try. So you get the same benefit from just about ANY lock for the vast majority of people that might break into your home, in that any functioning lock will deter them equally.

Also, even if you have the most secure door locks known to man, even if they are literally unpickable, that will not keep motivated people from entering your home through other means. Having a perfectly secure lock just means that it become preferable for them to break in through a window, by literally breaking in a door, by your crawlspace/basement access, etc. They could also catch you outside the home and use you to gain access by threat, trickery or theft of your keys.

So, to me, even if a smart lock is less secure than a standard lock they are both going to act as sufficient deterrence for most situations and the tangential benefits of a smart lock can be worth the marginal loss of security. But that's a choice you have to make for yourself.

Edit: Also, some features can make smart locks massively more beneficial to addressing a break in attempt even while being easier to actually break in. For example, there are can be some secret distress features, like a alert combination that unlocks the door but also secretly alerts the police of a break in. Or notifications that alert you that the door was unlocked even when you aren't home. Smart locks come with vulnerabilities, yes. But also unique features that you can't get with conventional locks.

Both at the same time. Different attack vectors

Check the YouTube channel 'the lockpicking lawyer". He picks locks, both mechanical and electrical. His typical videos don't take more than 2-3 minute because that's all he needs to pick a lock multiple times. Electrical locks usually are opened with a paperclip or something similar. Wat too many locks are designed and built by idiots who have no idea about security

If the door is made of cardboard as most us's one are u better get the cheapest one it won't make a difference.... look at an European door if u don't now what I mean...

It's more secure as in I can't forget to not lock the door, since it auto-locks. Also I can't lock myself out of the house if I leave my keys inside, which I have done in the past lol. As the other nerds in here have said, it probably won't keep you any safer against people breaking in though, but I think of it in terms of convenience.

They have their conveniences but I want to get this lock. It's design makes picking next to impossible. Lpl couldn't even get it. https://youtu.be/qV8QKZNFxLw?si=1WCdQCktVfGhJtsm

Less secure.

If you need electricity to operate your locks, a power failure is the difference between you sleeping on your front porch, or burglars having a key to your house.

How easily could the Flipper Zero hack a smart lock? I'm guessing relatively easily.

How bad some of the "secure" backup locks are or the failsafe mechanics of those or even just the software of not even cheap products are most of the time real bad and just adds more fail points.

I have august door locks, from the outside you wouldnt know its there. They eat up batteries frequently.

ssh me@home3

me@home3 // : sh ./scripts/unlock_deadbolt.sh

*click*

me@home3 // : exit

More ways to open is leds secure than leds ways to open. That said if you have an unsecured window, then that is the weakest link of the chain.

Much less secure, but most of either regular or smart locks are security theater anyways.

well, what do you do if it runs out of battery? electric locks really only make sense on gates and doors in apartment blocks, where it's okay to have it just default to open in case of failure.

Depends. Any modern lock can easily be picked with something called a comb, which can bypass all the pins by pushing them far up into the lock so it can turn. However, the position on the security of pin pads is debatable. Regardless of which is better, both can easily be bypassed with a drill, so I guess neither.

Yes