Fingerprint Lock Is Really a Trap

Technology has advanced, and many families now use fingerprint locks. In fact, fingerprint locks are very poor. The problems are listed one by one below.

The biggest advantage of a fingerprint lock is convenience! There is no need to carry a key when you go out, and no need to worry about losing it. There is no need to replace the locks when the hourly worker leaves. In short, you can say goodbye to the door key.

Previously, I also thought that the security level of fingerprint locks was extremely high. Although nothing is perfect, it is 100% safe. But fingerprint locks are really very convenient, especially for people like me who often lose keys.

However, a product evaluation a few days ago found a serious security risk in smart locks: a "small black box" that could easily be bought on Taobao (after the intervention of the relevant departments, it has now been taken off the shelves) needs only 3 seconds to open a smart lock.

It has now been reported to the Ministry of Public Security.


The story starts at the 9th China (Yongkang) International Door Industry Expo on May 26.

Whenever there is a door expo, a lock picker often turns up to "kick the hall", that is, to challenge the exhibitors in public.

This is almost an unwritten rule in the industry. For example, Zhang Hongjun, who is known as "master kooky" in the locksmith circle, has been a frequent visitor to the Expo over the years.

Because this is normal, when a young woman named Wang Haili declared at the booths on the first day of the door expo, "I can open your smart lock in 3 seconds", nobody paid attention.

According to people in the industry, nobody cared at first because, in previous "hall kickings", both sides had observed tacit "River and Lake rules":

There is no lock in this world that cannot be opened. It is only a matter of time.

If the lock can't be opened on the spot, that is no fault: shake hands, make peace and make friends. If the lock is unfortunately broken, the locksmith won't embarrass you. He sends an improvement method and collects some "consultation fees".

For merchants, this is not a bad thing. They promote each other and are happy.

But what Wang Haili did next sent a chill through many smart lock merchants!

She took out a small plastic black box from her bag.

It is a little smaller than a mobile phone but twice as thick, and a copper pancake coil is exposed at the top of the box.

This is the small black box that appeared at the expo.

There are only two buttons on the black box: the power button on the bottom and the trigger switch on the side.

Hold the copper pancake coil of the black box close to the smart lock, move it across different positions on the lock body, and press the trigger switch at the same time.

With the sound of the motor turning inside the lock body, the smart lock, originally protected by fingerprint and password, opened!

Nobody could sit still any longer......

As Wang Haili made her "kills", the whole process was so easy that it was frightening:

There was no time-consuming, laborious forced removal of the lock, let alone complex high-end technical cracking. The small black box worked like an access control card: one swipe and the door opened!

1, 2, 3, 4......

Wang Haili opened smart locks from 8 brands on the spot. The fastest one really took only 3 seconds!

It is no exaggeration to say that smart locks have never been beaten so badly since the unwritten rules of hall kicking came into being.

There were more and more onlookers, and one after another they took out their mobile phones and pointed them at Wang Haili and her little black box.

Next, the incident began to spread through the lock trade. One after another, videos of smart locks being opened in seconds by the small black box kept appearing in the WeChat Moments of locksmiths and lock dealers. The smart locks opened in seconds were not only the ones at this expo, but also ones installed in residential communities.

At the same time, an article titled "That woman destroyed the whole fingerprint lock industry" began to spread on the Internet, and the industry was in an uproar.

What kind of lock-breaking tool is the small black box?

What loopholes in these smart locks led to such a fiasco?

Who is Wang Haili, who is accused of "destroying the smart lock industry"? Why did she do this?

On June 24, we interviewed her in Xuzhou, Jiangsu province.

"I have offended many people, but this industry really is going to be reshuffled."

Wang Haili said that she was the boss of a smart lock company in Hunan. The small black box was made together with a lock picking tool manufacturer in Changzhou. She went to the Yongkang door expo to "do things"; it was a real "hall kicking".

Why did you go to kick the hall?

Many of our locks have been sold abroad, so there are people imitating us.

If you want to imitate our good technology, I can't help it.

But they imitated my appearance and my advertisement, but they used the worst technology and accessories, and also said it was my branch office, so I quit!

Do you know that this has given many brands and dealers a headache?

For example, a lock company in Hangzhou, which Curiosity lab often interviewed before, is an agent for several smart lock brands and is also cooperating on the development of a new type of identification smart lock.

Now they are in a very awkward position. They don't know what loopholes are in the locks: if one meets a small black box, are the locks they represent reliable?

Can the lock under development hold up? They have been asking us about the progress these days.

After the door expo, people in the trade asked to buy the small black box from me.

I used to give it away, but now I have simply made it a business. I named the small black box the "smart lock professional testing tool"; each set costs 580 yuan, and the highest price was 1200 yuan.

The more wildly the opened-in-seconds videos spread, the harsher the voices scolding me for destroying the whole industry became. However, the small black box sold better and better, and it was almost out of stock.

Originally a lock picking tool, it has now become a testing tool for brand owners and distributors to verify whether their smart locks are safe. This drama in itself illustrates many problems.

How much did the small black box sell?

Over the past month, I have been running around in several cities, setting up warehouses in Ningbo, Yongkang and Changsha respectively, with sales of more than 3,000 units.

Because there is only one production line, the production capacity cannot keep up with it. Each delivery warehouse is supplied with quota, and some orders have to be delayed.

At present, two similar black boxes have appeared on the market, which are produced in Taizhou at a cheaper price.

WeChat now receives user feedback every day, and the number of smart locks cracked by small black boxes is increasing.

I estimate that ××% of the smart locks in the country can be broken (note: this figure cannot be verified, so it is not made public).

I know that now the China Hardware Association has launched an emergency plan to carry out sampling tests in 20 cities across the country. (Note: This information needs to be verified officially)

Don't you worry about this stuff flowing to the bad guys?

I am also worried about an accident. Any lock picking tool is a double-edged sword.

We sell carefully, mainly to brand owners, distributors and locksmiths.

Brand owners need to have identity certificates. Some brand owners are also worried that we will not ship the goods, and they also take the initiative to provide business licenses and door photos.

Dealers are friends, most of whom we know, and that group is relatively uncomplicated.

Locksmiths need to provide a national unified job qualification certificate.

They are all registered one by one, and where each unit goes is very clear.

This is also what the public security department requires for lock picking tools.

Because a large number of videos of smart locks being opened were forwarded, there were indeed people who contacted us to get the goods, but they were all refused.

However, we hope that the relevant departments will deal with the smart lock vulnerability. Don't cover it up, and you can't cover it up anyway. Now everyone in this field knows it.

The small black box is actually a Tesla coil, and people have already started selling it on Taobao.

Workers in the production workshop are assembling small black boxes.

The structure of the small black box is not complicated: it is just a Tesla coil, a device that uses a transformer to step up an ordinary voltage through two stages of coils and then discharges from a discharge terminal.

Put simply, it is an artificial lightning maker, and it has many enthusiasts all over the world.

A Tesla coil generates strong electromagnetic pulses.

If you put it close to a fluorescent lamp tube, the lamp tube will shine.

This kind of high-frequency, high-intensity electromagnetic pulse can destroy nearby electronic equipment.

Although Wang Haili did not elaborate on which vulnerability in smart locks the Tesla coil attacks, what she was worried about finally happened.

On the morning of June 26, we found that this "double-edged sword" had moved from WeChat Moments to Taobao for sale.

More than 10 stores sell it, shipping from Chongqing, Dongguan and Xuzhou. The price is cheaper: only 320 yuan each, and the best-selling store has sold more than 160.

"There have been many orders recently, and they will be shipped tomorrow."

Unexpectedly, although this is a lock picking tool, the seller did not ask us for any identification.

This was reported yesterday to the Ministry of Public Security's network crime alarm platform and Alibaba's illegal commodity alarm platform.

Actual measurement: How high is the success rate of unlocking with a small black box?

Is this smart lock fiasco really caused by some smart lock manufacturers cutting corners?

After the Yongkang hall-kicking incident, we contacted the Zhejiang lock product quality inspection center.

The inspection center reported that they had also obtained the small black box right away.

I took 10 smart lock models from the warehouse and tested them. As a result, one model was opened. However, the vulnerability and cracking principle are still unclear.

A breaking rate of 1 in 10 does not seem very serious, but industry insiders also point out that the locks sent to the quality inspection center for inspection are often not the same as those delivered afterwards.

"The first thing is to pass, and the latter is to consider the cost."

On the other hand, many merchants quickly released videos of "Tesla coil test, uncracked" after the Yongkang hall-kicking incident to ride out the current storm.

If you enter the keywords "Tesla coil, strong electromagnetic pulse" in the search engine, the content you see is almost the same, especially on the cracking principle--

Industry insiders explained that when the strong electromagnetic pulse generated by a Tesla coil hits a smart lock's chip, the chip crashes and restarts, and some smart locks unlock by default after restarting, so the Tesla coil can open a smart lock in seconds.

Although this incident cannot represent the whole industry, it has caused a sensation and panic in the whole industry, indicating that people pay great attention to the stability and safety of smart lock products...... As a user, when buying a smart lock, don't just look at the price, but also at the quality of the product.

Talk proves nothing; the experiment is the evidence. Here are the actual measurements for everyone to see.

In a workshop in Zhenhai District, Ningbo: "Basically they can be opened. We tried 10 locks in total and all of them were opened. According to news from a dealer, he is the agent for 6 door locks, all of which were opened by the black box," Li Dehui answered.

Three types of smart locks were brought out on site for testing. All three were domestic products obtained from distributors.

Field test smart lock

The first test is XX brand smart lock

It includes fingerprint, password, magnetic card, key and other functions, and costs more than 5000 yuan.

"The position of each lock is different, which may be on the upper, middle, lower parts, or even the side of the lock. Therefore, you need to move constantly to find the unlocking position." Li Dehui said.

So the experimenters moved the box up and down, left and right, as if sweeping for mines.

Half a minute later, the experimenter switched to another small black box and continued the experiment. Suddenly, the door lock opened.

The unlocking position was at the card-swipe area of the door lock. It took 1 minute.

The second one is a × one brand smart lock

It costs more than 3,000 yuan and also offers a variety of opening methods such as magnetic card, fingerprint and password.

The experimenter searched slowly from top to bottom. After about 1 minute, the door lock opened, and the unlocking point was again at the card-swipe area.

I went home to test my own smart lock. The door was not opened, but the door lock crashed.

The community, in the north of Hangzhou, was delivered in 2014. The smart door locks were installed uniformly by the developer, and no brand or logo can be seen on them.

Unexpectedly, as soon as the small black box came close, the door lock crashed--

Under normal circumstances, touching the password keypad lights up the system backlight. However, after being attacked by the small black box, the door lock system did not respond, the backlight stayed off, and the system tone was gone, just like a door lock without a battery. The door lock could not be opened by any operation.

Finally, a No. 7 battery was connected to the emergency power supply contacts of the door lock, and the system restarted and returned to normal.

Blind test at a Hangzhou lock market: 2 of 10 smart lock models opened

Finally, we went to a hardware lock market in Hangzhou and randomly entered two lock stores to conduct blind tests on 10 door locks on sale.

The first one is a × flower smart lock, priced at 1800 yuan.

Our "luck" was better here. When the small black box came near the middle of the keypad, the door lock opened.

However, eight smart lock models were then tested in succession, and none of them could be opened. They all behaved the same way: the box could trigger the system backlight and voice broadcast, but the locks simply would not unlock.

The last one opened is a × an brand smart lock, priced at 900 yuan.

At first, it was only half successful: the bolt of this lock is segmented and can only be opened after being retracted twice.

After being attacked by the small black box, the bolt kept moving in and out, but it did not fully open.

After actual measurement, experts believe:

The biggest vulnerability of smart locks is the motor input signal.

Li Yangyuan, chief technology officer of Suzhou Mingrui Microelectronics Co., Ltd., accepted our interview.

First of all, Li Yangyuan did not agree that cutting corners was the main culprit of this incident.

After the Yongkang Expo, Li Yangyuan also received a small black box from the partner, Ningbo × state lock industry, asking him to test a smart lock under the brand.

"A voltage regulator and current overload protection are used to optimize and protect the power system. When we use the coil to unlock, we can hear the voice broadcast: 'already open', which indicates that the overall function of the smart lock, including the power supply, is normal. The coil pulse does not damage the power system, so it has nothing to do with the voltage regulator."

Secondly, Li Yangyuan believes that there is indeed the possibility of "crash, restart, and lead to cracking".

So, is there any other possibility?

To open a smart lock normally, three steps are required:

1. Input, such as a password, fingerprint or face recognition;

2. Authentication: the chip identifies and authenticates the input signal;

3. Execution: once authentication succeeds, the system sends a command signal, the motor turns and the door lock opens.

When the small black box cracks a smart lock, the first two stages, input and authentication, are not involved at all. The problem lies in step 3, execution.

The final opening of a smart lock is done by the motor turning to drive the lock cylinder. Therefore, Li Yangyuan thought that the test should focus on the input signal of the motor.

"It is likely that the pulse interference of the small black box generates a current. After passing through the smart lock's internal components, a signal is generated, which the system mistakes for a normal command, and this triggers the motor to start."

To verify this conjecture, Li Yangyuan opened up a smart lock and unplugged the power supply inside. When the small black box was brought close to the circuit board again, something magical happened--

Although there was clearly no power supply, the multimeter showed a voltage response.

Then the power supply was reconnected and the small black box was used to attack and test again. This time, the lock opened!

That is to say, under electromagnetic interference, a current appears. The current acts like a signal flare, triggering the motor driver chip, so the lock opens.

"Even if you don't use a small black box, any device that generates electromagnetic interference may drive the motor."

Use an ordinary walkie-talkie and slowly get close to the door lock to remove the power supply. This time it really took only 1 second to turn on!

Our experimenters kept recharging the small black box, tried nearly 20 times in a row, and finally opened the lock.

Test with a walkie-talkie: as long as the frequency is high, it can also interfere with a smart lock.

Fully automatic smart locks are the easiest to open

There are two starting modes for smart lock motors: fully automatic and semi-automatic.

In practice, once a fully automatic smart lock passes authentication, the bolt retracts automatically and the door is fully opened automatically. With a semi-automatic lock, however, you still need to turn the handle to open it.

These two startup methods differ greatly in how easy they are to crack.

A semi-automatic handle door lock has two motor control lines. The two lines must see a high/low level difference, a waveform like an ECG, for it to count as an unlocking signal.

"This requires a small black box to find a specific location, plus some luck, to open the door lock."

A fully automatic door lock usually uses a switch button for unlocking from the inside.

For a better user experience, the button only needs to be pressed briefly.

For a jammer, it is much easier to make one line show a momentary potential change than to make two lines hold different, continuous potentials.
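To make the comparison above concrete, the following C example (added here; it is not code from any lock vendor or from the interview) applies both acceptance rules to constructed input traces. `HOLD_SAMPLES`, the sampling model and the trace values are assumptions of this example, and induced interference is modelled as a brief pulse, as the passage describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One sample of the two motor-control inputs: 1 = high, 0 = low. */
typedef struct { uint8_t a, b; } sample_t;

/* Hypothetical value: how many consecutive samples the level difference
 * must hold before it is accepted as an unlock command. */
#define HOLD_SAMPLES 8
#define LEN(x) (sizeof(x) / sizeof((x)[0]))

/* Momentary single-line input (the short button press of a fully
 * automatic lock): the first high sample on line A is the command. */
bool momentary_trigger(const sample_t *t, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (t[i].a) return true;
    return false;
}

/* Two-line input (semi-automatic lock): line A high while line B is low,
 * continuously for HOLD_SAMPLES samples. Any break restarts the count. */
bool sustained_differential(const sample_t *t, size_t n) {
    size_t run = 0;
    for (size_t i = 0; i < n; i++) {
        run = (t[i].a && !t[i].b) ? run + 1 : 0;
        if (run >= HOLD_SAMPLES) return true;
    }
    return false;
}

/* Constructed traces, not measurements. */
const sample_t QUIET[]  = { {0,0},{0,0},{0,0},{0,0},{0,0},{0,0} };
/* Brief induced pulse that lifts both lines together. */
const sample_t BURST[]  = { {0,0},{0,0},{1,1},{1,1},{0,0},{0,0} };
/* Brief pulse where line A rises one sample before line B. */
const sample_t SKEWED[] = { {0,0},{1,0},{1,1},{1,1},{0,1},{0,0} };
/* Genuine command: A high and B low held for ten samples. */
const sample_t COMMAND[] = { {0,0},{1,0},{1,0},{1,0},{1,0},{1,0},
                             {1,0},{1,0},{1,0},{1,0},{1,0},{0,0} };

static void report(const char *name, const sample_t *t, size_t n) {
    printf("%-8s momentary=%d sustained=%d\n", name,
           momentary_trigger(t, n), sustained_differential(t, n));
}

int main(void) {
    report("quiet",   QUIET,   LEN(QUIET));
    report("burst",   BURST,   LEN(BURST));
    report("skewed",  SKEWED,  LEN(SKEWED));
    report("command", COMMAND, LEN(COMMAND));
    return 0;
}
```

As the quote above notes, a lock that needs the two-line level difference can still be opened at the right position with some luck, so the stricter rule raises the bar rather than removing the risk.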

Is a smart lock really safe just because the small black box did not crack it?

Some lockmakers are glad: "My lock has not been cracked by the small black box. My lock is safe."

"First of all, the small black box is a lock picking tool, not a standard detection tool. Its power, distance, frequency and other factors will affect the success rate of unlocking.

"Secondly, in terms of risk, it should be universal, because it is an industrial standard for DC motor drive chips to use level control, and DC motor drive circuits all over the world do so. A smart lock being opened by wireless interference is not a problem of cutting corners, but a design vulnerability."

During the whole interview, I heard locksmiths say this many times: the more functions a lock has, the more back doors are left!

A black-and-white photo printed on A4 paper fooled face recognition

In a Talent Apartment in Suzhou Industrial Park, engineer Wu Xingfeng showed us a vulnerability in the face recognition system of a domestic smart lock.

The experiment consists of three steps:

First, register the experimenter's face in the system.

Then, I took a photo of the experimenter and printed it on A4 paper in black and white.

Finally, the black-and-white photo printed on A4 paper was held close to the face recognition probe on the smart lock.

In just one second, the door lock was opened.

Black and white photos printed on A4 paper can make smart lock face recognition system misjudge.

The experimenters lit up the corridor with lights, allowing the camera to take clear black and white photos and capture every detail.

As a result, the smart lock's face recognition was fooled.

Wu Hanfeng explained that the cracked smart lock has three probes on it:

An infrared probe for light supplement;

A visible light probe allows users to clearly aim at the camera;

The last one is the camera, which is used to take photos and collect avatars.

The face recognition system with three probes has a low safety factor.

"So when the system collects faces, it only forms a 2D plane image, which is equivalent to a black and white photo. Taking a black and white camera to take a face is the same as taking a black and white photo directly."

"But there will also be fake 3D on the market to fool people. It looks like four probes, but actually two cameras are not working." Li Yangyuan pointed out that there is only one way to tell real 3D from fake 3D: cover one camera and see.

"If you can still unlock it with a camera covered, it is fake 3D recognition."


To be honest, writing this answer made me very "sad".

When we finished evaluating other products in the past, we would end by suggesting how to choose high-quality products and how to avoid the pitfalls.

But this time, there is no solution.

This is a very rare, perhaps even unprecedented, result for us.

Yesterday, after I posted on WeChat Moments, many friends and suppliers sent me their own smart locks for testing.

The opening rate is still relatively high, and many brands are involved, so we will not list them one by one.

This has been reported to the Ministry of Public Security's network crime alarm platform and Alibaba's illegal commodity alarm platform.

If something goes wrong, I will also update it synchronously.

1. Fingerprint lock disadvantages:
The market is chaotic. Among all locks, smart locks of all kinds are the most profitable, and prices ranging from 1k to several thousand are also confusing. In fact, a fingerprint lock is not high technology, and there are many domestic modular solutions. Many companies already use fingerprint machines for clocking in and opening doors. Fingerprint locks are already standard in some new flats.

In addition, there is the risk of fake fingerprints. Curiosity lab has conducted a fake fingerprint experiment and found that a fake fingerprint mold can fool access control, but the finger has to be pressed into the mold for 3 minutes to cast it perfectly. At present, many brands can detect whether a fingerprint is live, so there is no need to worry about fingerprints being copied.

2. Other functions:

Bluetooth, password or magnetic card unlocking

Bluetooth and magnetic card unlocking are a bit redundant; password unlocking is worth having. Some fingerprint locks also have a scrambled-code privacy function. For example, if the password is 1234567, entering 9813748123456789347 will also open the lock.

Alarm function

If verification fails 3 times in a row, the lock is locked out for several minutes. If someone tries to open it with other keys 3 times, it sounds an alarm. There are also an anti-skid alarm and so on, which provide more protection.
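The scrambled-code entry and the three-failure lockout described above can be written together as follows. This is an added C example, not any vendor's firmware: `keypad_t` and `keypad_submit` are hypothetical names, and `LOCKOUT_SECONDS` and `MAX_ENTRY_LEN` are assumed values, since the page says only "several minutes" and gives no length limit.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_FAILS       3    /* from the page: 3 failures in a row */
#define LOCKOUT_SECONDS 180  /* assumption: "several minutes" */
#define MAX_ENTRY_LEN   20   /* assumption: bound on a padded entry */

typedef enum { KP_OPEN, KP_DENIED, KP_LOCKED } kp_result;

typedef struct {
    const char *code;   /* the real password, digits only */
    int fails;          /* consecutive failed entries */
    long locked_until;  /* time (seconds) at which the lockout ends */
} keypad_t;

/* True if the real code appears as a contiguous run inside the entry.
 * Every window is checked; the loop does not stop at the first match. */
bool contains_code(const char *entry, const char *code) {
    size_t n = strlen(entry), m = strlen(code);
    bool found = false;
    if (m == 0 || n < m) return false;
    for (size_t i = 0; i + m <= n; i++) {
        unsigned char diff = 0;
        for (size_t j = 0; j < m; j++)
            diff |= (unsigned char)(entry[i + j] ^ code[j]);
        found = found || (diff == 0);
    }
    return found;
}

/* Handle one submitted entry at time `now` (seconds). */
kp_result keypad_submit(keypad_t *kp, const char *entry, long now) {
    if (now < kp->locked_until)
        return KP_LOCKED;                 /* ignored while locked out */
    size_t n = strlen(entry);
    bool well_formed = n > 0 && n <= MAX_ENTRY_LEN &&
                       strspn(entry, "0123456789") == n;
    if (well_formed && contains_code(entry, kp->code)) {
        kp->fails = 0;                    /* success ends the failure run */
        return KP_OPEN;
    }
    if (++kp->fails >= MAX_FAILS) {       /* third failure in a row */
        kp->fails = 0;
        kp->locked_until = now + LOCKOUT_SECONDS;
    }
    return KP_DENIED;
}

int main(void) {
    keypad_t kp = { "1234567", 0, 0 };
    /* The page's own example: real code padded with extra digits. */
    printf("%d\n", keypad_submit(&kp, "9813748123456789347", 0));
    return 0;
}
```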

Cloud Intelligence

Some fingerprint locks can be connected to the Internet and send SMS or app notifications when the door is opened. Good smart products should "moisten things silently" instead of becoming new burdens.

Remote door opening is actually a small cloud intelligence function. It is useful when friends and relatives visit during working hours, but it is used fewer than 10 times in a few years; on a fingerprint lock with a password function, it is even more of a "chicken rib".

Automatic locking

The lock engages when the door is closed, a very convenient function.

Charging function

This refers to the low-battery reminder and the external charging function; if the lock cannot start, it can still be opened with a key.