How unreasonably paranoid am I being?
January 14, 2019 7:50 PM

My apartment complex is installing keyless entry for each unit. As someone who believes that household objects that aren't actual computing devices have no business being on a network or requiring a power source, I am not pleased. Worse, they're responding to valid after-hours lockout cost complaints by providing a phone app that can be used for unlocking the door, which seems like an additional vulnerability in the system. Am I justified in my concern, or should I get over myself?

To answer a few things up front:
  • Yes, I know physical locks aren't inherently secure, as they don't require too much specialized knowledge to pick and anyway someone could just take an ax to my door if they were that motivated. I know locks in general aren't protection against people with bad intentions.
  • I'm also aware of the many concessions to privacy and security I already make in my life by owning and using a smartphone, and participating in social media. I am deliberate and mindful about my usage and the permissions I grant--and I still know it's all so insidious that I almost certainly don't fully understand everything my phone and my social network accounts have access to.
  • My phone is encrypted, I don't use any of the biometric unlock options, and I have a reasonably strong password for it. I know better than to believe any of those are 100% secure.
  • I don't have any immediate concerns about any bad actors who mean me specific harm, but some of my neighbors do.
  • I don't consider "this is just the way modern society is going, you have no choice but to accept it" an acceptable answer.
Basically what I'm saying here is that I know nothing is perfectly secure, and I already take reasonable precautions as much as I can, and I know that's about all anyone can do. But I also think putting the lock to my front door on the network and making that accessible by smartphone is an unreasonable risk with no benefit to anyone but apartment management, who will no longer have to spend the money to re-key each door when residents move out. Please either convince me I'm wrong, or give me some documented justification for my concerns. Anecdata, positive or negative, from personal experience also welcome.
posted by rhiannonstone to Technology (35 answers total) 11 users marked this as a favorite
How will the insurance premiums change once the property is no longer secured by a deadbolt?
posted by Phssthpok at 8:00 PM on January 14, 2019

Response by poster: Doors will still be secured by a deadbolt. Just a deadbolt unlocked by an RFID fob instead of a key. I like where you're going here, though!
posted by rhiannonstone at 8:01 PM on January 14, 2019 [2 favorites]

Just to let you know you're not the only one who feels this way: I would protest this upgrade, because I am so, so sick of oh boy spankin new gadget! but NOTHING CONSISTENTLY WORKS. How many hacks do we need before we stop acting like each one is an individual error that the (giant, high tech) company shoulda coulda prevented? How many times does your GPS not work, Siri not answer, the spinning beach ball drive you crazy, and Alexa turn into the Stepford Wife with a screw loose?
I would not want to get locked out of my house because the cell service or internet was down, and I would not want someone to hack their way in.
I was just driving a self-starting, self-locking car for a few days. It was incredibly difficult to know whether or not the car was locked because whenever the fob was nearby, it unlocked itself. You can't jiggle the handle to see if it's locked. Ugh. My friend who owned the car would put her bag on the curb many feet away and then come back and jiggle the door to test it! This was the worst car like this I've seen, but too many magic designs are flawed, IMO.
Yes, someone can pick your physical lock, but that's irrelevant. I would hate being broken into remotely more. I'm not saying people should attack self-driving cars, but there's a reason people are more enraged by a robot car mowing someone down than by human error.
posted by nantucket at 8:12 PM on January 14, 2019 [21 favorites]

I view security much as you do. I would not be pleased about this. I would check my lease about securing the apartment. If it addresses locks and security, I would research the heck out of the vulnerabilities of this new system and then tell the management company if they put that thing on your door they are in violation of the lease. I would offer to give them an additional $100 deposit in the event you lose your key and tell them to change your lock once you move out.
posted by AugustWest at 8:15 PM on January 14, 2019 [1 favorite]

Speaking generally, smart locks are less secure than dumb locks. Certainly at comparable price points. Is that risk 'unreasonable'? Depends on the lock, depends on the implementation, depends on the user, depends on the environment. Do you know what the actual lock is? A $30 smart lock from AliExpress is very different from a 2nd gen Kevo.
posted by Jairus at 8:21 PM on January 14, 2019 [3 favorites]

Somebody can come through your front door with an axe if they don't mind alerting you, and anybody else within two blocks, that they're chopping down somebody's front door with an axe. Most people who want to steal your shit want to do it without attracting undue attention, and the axe method doesn't really fit the bill--not as well, anyway, as the 'we found a vulnerability in your stupid phone app' method.

I recently read where a bank near me had a phone app that would let you withdraw money from ATM machines using your phone instead of your debit card. How convenient! Completely unsurprisingly, some guy figured out a way to spoof his way into other people's accounts and had withdrawn $15K from here and there before getting caught doing something else. We all know perfectly well that phone apps get written by the lowest-bidding contractor, and bids are pretty low these days. When Microsoft and Equifax and Facebook can't do security properly, why does your apartment management company think they're gonna magically get it right? I'd ask them what they expect their legal liability to be WHEN--not if--somebody figures out how to beat their app.
posted by Sing Or Swim at 8:30 PM on January 14, 2019 [12 favorites]

This wouldn't make me happy.
posted by praemunire at 8:46 PM on January 14, 2019 [3 favorites]

I would HATE this, especially if it's a truly keyless entry. (Many smart locks can be disabled and used with a physical key - so be sure that this isn't an option already.)

A big question for me would be power. What happens in a power outage? Does it have a battery backup? Who is responsible for making sure any auxiliary backup has a charge? How can you enter your apartment if those systems fail?

Next, how much is it if you lose a fob? How many can you have? (Our RFID fobs are only for amenities - with a real lock for staff - and it's $60 if you lose it.)
posted by Crystalinne at 8:46 PM on January 14, 2019 [5 favorites]

Doors that can't lock or unlock in case of emergency power outage are a Very Bad Idea. See also: Winter storms, power lines down, deliberate sabotage of power grid, electricity down for maintenance, and weird magnetic effects. Make sure the rental agreement specifies who's paying for damages in case there's no power to the building/doors and someone needs emergency access.

Doors that can track your data - that can record every time you enter or exit - are a horrible invasion of privacy. (And you'll want to ask the landlord whether the smart-app company is using that data, and whether they're selling it, and what rights you have to it. Note that if anyone in the place is a European citizen, they have the right to know if that data is being gathered.)

Inability to loan a key to a friend is also a problem, especially for anyone who has disabilities or who needs a caregiver. (They probably think it's a plus to not have any person with access who's not in their system.) Depending on how it works, it may mean it's nearly impossible to go out drinking and have a friend drive you home and open the door for you. (Also impossible to have a friend bring you home if you're injured or sick.)

I'm not sure how keyless access works - does it require the phone app, or just typing in a passcode? (If passcode, how easy is it to change? If phone app - damn, that's a large key that you need to carry with you to leave the house.)

Things to ask:
* How will access be given to maintenance people/inspectors? How will it be removed when they shouldn't have it anymore?
* How secure is the app and the system? (See also: Facebook, Equifax.) Will the landlord accept full liability for unauthorized access in case the app company gets hacked?
* Does it work with all smartphones, or only iPhone and Android? (If you decided to get a Windows phone, would you be locked out of your apartment?)
* What happens if the software company goes out of business?
* What's the plan for "my phone was stolen/destroyed/battery is dead?"

Things not to ask:
How difficult would it be for you to add your own deadbolt, not on the network?

Definitely check your rental agreement before starting to ask questions.
posted by ErisLordFreedom at 9:51 PM on January 14, 2019 [16 favorites]

Bohm, Allison, Edward George, Bennett Cyphers, and Shirley Lu. “Privacy and Liberty in an Always-On, Always-Listening World.” Columbia Science & Technology Law Review, July 2017.

Bowles, Nellie. “Thermostats, Locks and Lights: Digital Tools of Domestic Abuse.” The New York Times, June 24, 2018.

Madrigal, Alexis C., and Robinson Meyer. “When Everything Works Like Your Cell Phone.” The Atlantic, September 28, 2014.
posted by Little Dawn at 9:53 PM on January 14, 2019 [2 favorites]

I would say be very paranoid
- I was one of the hundreds of folk locked out of their cars recently (annoying autovideo, but useful text) in Invercargill, NZ, when some idiot in the govt regulator system sold that part of the spectrum for anyone in the city to broadcast on!
posted by unearthed at 10:23 PM on January 14, 2019 [6 favorites]

The NYT article linked above seems to speak to how serious the safety concerns can be:
Connected home devices have increasingly cropped up in domestic abuse cases over the past year, according to those working with victims of domestic violence. Those at help lines said more people were calling in the last 12 months about losing control of Wi-Fi-enabled doors, speakers, thermostats, lights and cameras. Lawyers also said they were wrangling with how to add language to restraining orders to cover smart home technology.

Muneerah Budhwani, who takes calls at the National Domestic Violence Hotline, said she started hearing stories about smart homes in abuse situations last winter. “Callers have said the abusers were monitoring and controlling them remotely through the smart home appliances and the smart home system,” she said.
Anyone who is concerned about potential risks to their safety from the installation of this technology could reach out to the National Domestic Violence Hotline.
posted by Little Dawn at 10:25 PM on January 14, 2019 [5 favorites]

On the bright side, there will be a perfect electronic record of which of their employees entered your unit, and when they entered, which is an improvement from simply trusting that none of the staff abuse their master keys.
posted by whisk(e)y neat at 11:24 PM on January 14, 2019 [2 favorites]

I’d be livid.

Things relying on wifi can be DOS’d with about $5 of hardware.
posted by pompomtom at 11:52 PM on January 14, 2019 [4 favorites]

I’ve done privacy impact assessments for EEA on this type of product. Where I was working adjustments were made due to GDPR which I don’t think will necessarily be made in the US.

To add to ErisLordFreedom's point, consider privacy implications and be aware your personal data may be processed overseas in territories you may not be happy with.
posted by BAKERSFIELD! at 12:37 AM on January 15, 2019 [5 favorites]

Who owns the data? Who is allowed to buy, view, sell, use that data? Who will know when you're home / not home? Everything about this makes me anxious and not a little paranoid.
posted by I_Love_Bananas at 2:08 AM on January 15, 2019 [4 favorites]

When someone pulls your or your building's electrical supply, what happens? Does the system lock and refuse to open or open and refuse to lock? Neither is good.

Ah, but the electrical board is behind a locked door, there's a UPS etc, etc. One point of failure that in all likelihood heaps of people can get into. Fire authority key? Everyone who shouldn't has one of them, what do they open in your city? Your electrical cupboard?

There's so many ways around this, I'd be very annoyed.

I'll note that I've seen systems like this work well. Generally in buildings with 24 hour security and much more stringent requirements than a residential building.
posted by deadwax at 2:10 AM on January 15, 2019

My building has a fob-based door lock on the outside door. I got locked out in the dead of winter when we were having power issues. I couldn’t get ahold of the super who didn’t answer his cell. I was joined about ten minutes later by the parents of a woman in the building who had just had a baby. The woman and her tiny three day old newborn had to come and let us in.
The door was supposed to have been blocked open during the power issues but the piece of duct tape had fallen off.
So, two options during power outage:
Locked out or wide open.
posted by sciencegeek at 2:53 AM on January 15, 2019 [8 favorites]

A $30 smart lock from AliExpress is very different from a 2nd gen Kevo.

This. A lot of the concerns being expressed in this thread are real things that you should ask questions about, but not things that you should assume nobody making these has ever asked questions about. Ask about what specific model is being installed, what specific systems are in place to deal with a power outage or network issues, and go look up the lock you're getting to make sure that what they're telling you is true. If this is a nicer place you're in, I wouldn't assume that their big concern is the cost of re-keying. Upper-middle-class people are starting to have Expectations about stuff like convenience and Amazon deliveries and such. You don't have to just be okay with it--I think you're justified in being concerned, but not justified in assuming the worst? You need more information. And renter's insurance, but you should have that anyway.

That Lifehacker article has one expert talking not about "what's secure" but "what's secure enough for a given application". I am a developer and generally pessimistic both about security and reliability of software, but I also have a realistic idea of how much the stuff in my apartment is actually worth, and I'd be most concerned with this system having acceptable backups to get you in and out if there's an outage. I wouldn't install one of these myself right now, but I wouldn't 100% rule out living in an apartment complex just because they had them.
posted by Sequence at 4:07 AM on January 15, 2019 [10 favorites]

I lived somewhere where entering a 4-digit code allowed you to unlock the deadbolt. It was super convenient to not have a key. You could tell the code to guests, then change it after their visit (if you wanted to). It was run by batteries and didn't communicate on a network. Could they be persuaded to switch to a 2005-style "keyless" system instead?
posted by salvia at 4:14 AM on January 15, 2019 [9 favorites]

I agree with the security concerns and your hesitation. Not sure how to handle the main building doors security, but you can easily install a 'dumb' deadbolt on your own apartment and use that as your own source of security.

We have had a difficult time dealing with building management wanting access to our apartment during this past year's renovations with only the building manager having a universal key, but imagine that building manager could give any contractor that access with an app to save themselves the hassle of physically being there? What controls would there be then?

Let them do as they wish. Install your own deadbolt on your own door.
posted by wile e at 5:07 AM on January 15, 2019

^ Most leases prohibit that. But you could probably get one of those door guards to use when you're home.
posted by salvia at 6:01 AM on January 15, 2019

Yeah, I'd be livid. And planning a move.
posted by uberchet at 6:22 AM on January 15, 2019 [2 favorites]

I have a smart lock and I like it so far. It is battery powered and is charged with a usb cable. I've had it for 5 months and haven't had to charge it yet. In case the battery is dead and you're locked out it has terminals you can stick a 9V to and it'll work.

The entry methods are using an app or entering a code. The app requires the network to be running but the codes are stored locally. You can give people temporary codes. If you use the app or a temp code it logs who opened the door, if you use the main code then it just logs that the door was unlocked.
posted by any portmanteau in a storm at 7:10 AM on January 15, 2019 [1 favorite]

When someone does figure out how to hack it, they will be able to break into _all_ units, not just one.

If you don't have renters' insurance, maybe get some. An insurance company is probably a good source for information on the risks here.
posted by amtho at 7:38 AM on January 15, 2019 [4 favorites]

I've had some experience using a Kevo. A few observations:

- Every electronic deadbolt I've seen can be operated by a key as well.
- Many (most?) electronic locks run on 4 AA batteries. You could just leave the batteries out.
- Some electronic locks are hooked up to the Internet (connecting via your wifi, which, you know, you don't need to allow); some aren't, and can only be operated in proximity via RFID or Bluetooth. No idea which will be the case for you.
posted by adamrice at 10:47 AM on January 15, 2019

Response by poster: Thanks, all! I feel like I have my thoughts a little more in order now--at first it was just a buncha GRARH swirling around in my head.

A few updates and answers for the curious:
  • The lock is battery-operated (not wired into building electrical), though not user-rechargeable. Building management claims battery life is on the order of a year, and that as long as we notify them when we see the low-batt indicator, there should be no power concerns.
  • It uses an RFID fob, not a passcode I could change.
  • They've shared the brand & model number of the lock. It seems to be pretty middle-of-the-road--not super-cheap, not state-of-the-art security, but a model from a brand already known for analog key/lock systems that seems to be common for multi-unit dwellings. It was surprisingly easy to find instructions for bypassing it in case of a loss of power. That bypass does involve a key, and it's unclear if that key would be the same as the physical key I have now, or a different key under control by building management.
  • It's unclear if this lock will be on the network. Given some of the comms about it, including the potential solution of using a phone app, I suspect it will be.
Now that things have settled down in my head a bit, I've realized my biggest concern is that at no point has building management communicated any details regarding privacy or security, including whether it will be networked and how they're going to collect, use, and protect the data gathered if it will be. I've requested a privacy & security statement from them (after scouring my rental agreement and other lease docs for anything relevant and coming up empty). I'm still concerned enough that if they're unable to issue an official one, I may look into local legal counsel to get a full understanding of what I should actually expect from them on this.

Please do keep sharing thoughts, data, and experiences from both sides!
posted by rhiannonstone at 11:20 AM on January 15, 2019 [3 favorites]

I think a little concern is warranted, but I think it is the kind of concern that I would have about any whole-building lock replacement project. How reliable is the manufacturer? How secure are the locks? Are there master keys (physical or digital), and how are they secured and tracked?

As some of the other commenters have noted, just because it is an electronic lock with a phone app doesn't mean it is accessible via the Internet (it could connect through local WiFi, Bluetooth or other short-range networking options). And even if it is accessible via the Internet, isn't the threat still from someone who comes to your actual door? No one can rob you or physically harm you by unlocking your door over the Internet, unless they are physically present at your home, and if that is the case, physical locks are just as easily defeated.

You might also think of some of the safety benefits of the system. I've heard plenty of horror stories of shady building supers and creepy locksmiths, and I would welcome the ability to get into my home when I lock myself out without involving either of them, just as an example.
posted by Rock Steady at 11:27 AM on January 15, 2019 [1 favorite]

unless they are physically present at your home, and if that is the case, physical locks are just as easily defeated

Not really, though? In a reasonably populated apartment complex, the ability to have your friend remotely silently unlock the door so you can stroll on in and help yourself to the goodies rather than having to stand there visibly fucking with the lock or the door for ten minutes is quite valuable.

OP, I don't remember if anyone else has mentioned this, but you should also speak to your renter's insurance to make sure the use of this lock doesn't invalidate your coverage. Most likely not, but you will want that in writing.
posted by praemunire at 11:49 AM on January 15, 2019 [1 favorite]

rather than having to stand there visibly fucking with the lock or the door for ten minutes is quite valuable

It takes seconds.
posted by Rock Steady at 11:54 AM on January 15, 2019 [1 favorite]

Joe-Bob Meth-Head may or may not have a bump key (and there are locks that are bump-key-resistant, though possibly not used in a random apartment complex). Security isn't a binary state, it's just a strewing of the path with more and more obstacles.
posted by praemunire at 5:45 PM on January 15, 2019 [1 favorite]

Would the landlord be able to lock you out of your apartment (rent dispute, etc)? I guess they can always change the locks on you, but instantly being able to deactivate your fob seems more shady to me.
posted by jindc at 7:44 PM on January 15, 2019 [1 favorite]

And to add to praemunire, the local meth head is likely to attempt a single burglary at a door that looks vulnerable/a door he judges that people seem to be away, not remotely have access to and violate scores or thousands of random doors because there is a systemic breach, plus have all their other privacy data on record.
The latter is potentially more widely invasive, there is nothing you can do to make your door seem less vulnerable and it is psychologically creepier.
Not to mention the other worries: that prankster hackers will just open -- or jam locked -- random doors just because they figure out that they can.
Or that, you know, nothing digital really ever just simply works as well as a mechanical key.
posted by nantucket at 3:35 AM on January 16, 2019

Do they take video footage of common areas? If so, you already arguably have a privacy issue to ask about.

I wouldn't worry about the landlord-locking-you-out scenario. They're either the kind of landlord that would do an illegal eviction or they're not. Sounds like they're not. But if they are, it takes maybe a half hour to change a lock. I doubt that delay is going to be much protection for you.
posted by salvia at 12:02 PM on January 16, 2019

FWIW, this is also happening to a fairly high profile security researcher (@hack4pancakes on Twitter). To say that she's unhappy would be an understatement. Lesley is not the sort of person to freak out, so the fact that she's so unhappy suggests that these aren't a good idea.
posted by wotsac at 9:27 AM on January 18, 2019 [3 favorites]
