LOVE LockPickingLawyer, one of my favorite channels on Youtube. He has posted the comment below, which I thought was interesting.
LOVE LockPickingLawyer, one of my favorite channels on Youtube.
He has posted the comment below, which I thought was interesting.
IMPORTANT UPDATE: MojoBox users were just sent the email below. My hat is off to the folks who worked overtime to patch the vulnerability the day after this video was published.
————
On February 26th, after a year in the field, an exploit was discovered that could provide unauthorized access to the MojoBox digital lockbox.
On 1pm EST, February 27th, we released a firmware update for all MojoBoxes. It completely resolves the Feb 26th exploit. You can immediately push this update to each of your MojoBoxes from the MojoLock app.
To do so, just follow these steps:
Open the MojoLock app.
Select a MojoBox.
Look for an “Upgrade Firmware” link at the bottom of the specific MojoBox screen.
Click the link and follow the steps in the app.
We recommend all users act quickly on this update. This will need to be done in physical proximity of each MojoBox. We apologize for any inconvenience this may cause.
Our team will communicate additional information about the how and why of all of this in the coming days. We will add a notice to the MojoBox Product Page, and you will be able to review additional detail there.
We built the MojoBox to be a secure and affordable digital lockbox. While we wish our testing had uncovered this issue before the MojoBox was released a year ago, we hope the quick resolution of this exploit helps to make the point that we stand by the product we built.
This one's got some legs! I thought it was hilarious, and the fact he did it twice to prove it added a little sting. It definitely serves as a PSA about buying secure lockboxes.
This one's got some legs!
I thought it was hilarious, and the fact he did it twice to prove it added a little sting. It definitely serves as a PSA about buying secure lockboxes.
Yeah the "one more time just to prove it wasn't a fluke" always feels like the coup de grace, it's very satisfying. I sometimes feel a little bad when LPL is murdering one of these lesser known...
Yeah the "one more time just to prove it wasn't a fluke" always feels like the coup de grace, it's very satisfying.
I sometimes feel a little bad when LPL is murdering one of these lesser known lock brands. However, a lot of smart locks seem to fall into this trap where there is a ton of focus on the digital part of the device, but they miss basic physical exploits. He's got a ton of videos of him bypassing fancy biometric locks with lock shims or magnets, or by raking the backup locks which almost always seem to be crappy 3 or 4 pin locks with no security features. So it's obviously valuable to have somebody pointing out the design flaws and missing security features. I just feel a little bad when it's not somebody big like Masterlock getting embarrassed.
I think of it more as a consumer report sort of situation. He's definitely influenced some of my lock choices, but can't really do anything about the Kryptonites he even sells a device to crack.
I think of it more as a consumer report sort of situation. He's definitely influenced some of my lock choices, but can't really do anything about the Kryptonites he even sells a device to crack.
Oh sure, I'm not suggesting that he's in the wrong to point out flaws in any of these locks. And I tend to really enjoy LPL's content. It's just a lot easier to laugh about it when it's a big...
Oh sure, I'm not suggesting that he's in the wrong to point out flaws in any of these locks. And I tend to really enjoy LPL's content. It's just a lot easier to laugh about it when it's a big company like Masterlock who has had every opportunity to get locks right making poor design choices. Or, when he did the series of Amazon's Choice locks and showed how slapdash they were.
It's my opinion that the vast majority of consumer locks are security theater, and doubly so if it's "digital" in any way. It turns out the real reason why people aren't randomly stealing your...
It's my opinion that the vast majority of consumer locks are security theater, and doubly so if it's "digital" in any way.
It turns out the real reason why people aren't randomly stealing your stuff is because society actually works for the most part. You generally don't have to worry about the security of the things in your house or your car unless you're in a particularly wealthy area.
A good chunk of consumer locks are poor quality (a shocking amount of “safes” are as well). However, I think that even a low quality lock, in combination with a good security posture, is not...
A good chunk of consumer locks are poor quality (a shocking amount of “safes” are as well). However, I think that even a low quality lock, in combination with a good security posture, is not merely theater.
There’s a saying that locks keep honest people honest, and I don’t think it’s entirely true. A properly-used lock forces an adversary to bypass it, either attacking it directly or finding an alternate means of entry. Those options tend to be louder, more exposed, or both; meaning someone else is more likely to spot them. Additionally, it can impact the crime that they may ultimately be charged with: unlawful entry for an unlocked home versus burglary (more severe) for a locked one. That’s not to say a lock obviates the need for a good security culture, but a good lock does help to enhance it.
LOVE LockPickingLawyer, one of my favorite channels on Youtube.
He has posted the comment below, which I thought was interesting.
This one's got some legs!
I thought it was hilarious, and the fact he did it twice to prove it added a little sting. It definitely serves as a PSA about buying secure lockboxes.
Yeah the "one more time just to prove it wasn't a fluke" always feels like the coup de grace, it's very satisfying.
I sometimes feel a little bad when LPL is murdering one of these lesser known lock brands. However, a lot of smart locks seem to fall into this trap where there is a ton of focus on the digital part of the device, but they miss basic physical exploits. He's got a ton of videos of him bypassing fancy biometric locks with lock shims or magnets, or by raking the backup locks which almost always seem to be crappy 3 or 4 pin locks with no security features. So it's obviously valuable to have somebody pointing out the design flaws and missing security features. I just feel a little bad when it's not somebody big like Masterlock getting embarrassed.
I think of it more as a consumer report sort of situation. He's definitely influenced some of my lock choices, but can't really do anything about the Kryptonites he even sells a device to crack.
Oh sure, I'm not suggesting that he's in the wrong to point out flaws in any of these locks. And I tend to really enjoy LPL's content. It's just a lot easier to laugh about it when it's a big company like Masterlock who has had every opportunity to get locks right making poor design choices. Or, when he did the series of Amazon's Choice locks and showed how slapdash they were.
It's my opinion that the vast majority of consumer locks are security theater, and doubly so if it's "digital" in any way.
It turns out the real reason why people aren't randomly stealing your stuff is because society actually works for the most part. You generally don't have to worry about the security of the things in your house or your car unless you're in a particularly wealthy area.
A good chunk of consumer locks are poor quality (a shocking amount of “safes” are as well). However, I think that even a low quality lock, in combination with a good security posture, is not merely theater.
There’s a saying that locks keep honest people honest, and I don’t think it’s entirely true. A properly-used lock forces an adversary to bypass it, either attacking it directly or finding an alternate means of entry. Those options tend to be louder, more exposed, or both; meaning someone else is more likely to spot them. Additionally, it can impact the crime that they may ultimately be charged with: unlawful entry for an unlocked home versus burglary (more severe) for a locked one. That’s not to say a lock obviates the need for a good security culture, but a good lock does help to enhance it.