KRACK - Follow Up To Last Weeks Article - More Researchers Claim Hack Will Be More Widespread Than Feared

Forbes magazine published an article yesterday, "The Internet Of Things Just Got More Unsafe To Use"

Our article, that we wrote about On October 17, 2017 has been viewed almost 3000 times since then and is causing discussion around the industry.

To quote an excerpt from the article,

“The KRACK vulnerability allows malicious actors to access a WiFi network without the password or key, observe what connected devices are doing, modify the traffic amongst them, and tamper with the responses the network’s users receive. Everyone and anything using WiFi is at risk. Computers, phones, tablets, gadgets, things. All of it. This isn’t just a flaw in the way vendors have implemented WiFi. No. It’s a bug in the specification itself.” - John Romkey, Founder of FTP Software

many more researchers are agreeing with the notion that the IoT devices might be a severe thorn in peoples sides, especially older gadgets that their manufacturers will have gone out of business and the enormous quantity of WiFi connected gadgets that just are or will be unable to accept a security patch, must number in the millions.

Many consumers, including me, are guilty of purchasing at least one or two electronic gadgets that have WiFi connectivity. None of us were ever in the know, that these products were so poorly designed and protected. How could we? But that didnt stop us from buying them and opening our security up to question.

The article goes on to suggest that NOW is the time to disconnect those "unpatched" devices and upgrade to more secure products.

I feel it is very convenient that so many products are doomed to be scrapped and consumers will need to purchase new and expensive gadgets to replace them. Convenient for the legions of gadget manufacturers who will cash in on this "hack" to sell you their next greatest, you beaut, fandangled contraption that "promises" better security.

At this point, we consumers are almost compelled to purchase the new product, especially if the security and safety of our loved ones or our colleagues is important to us.

The Forbes article is in the source below...

(source...)

Amazon Key - Giving Amazon Access To Your Private Residence

Breaking News: Amazon Key - Granting Access To Your Private Home.


Today Amazon announced the release of their latest system aimed at improving your shopping and delivery experience.

Amazon Key is their system that allows Amazon to enjoy access to your door, so that they can deliver your Amazon packages without requiring you to be home.

The package includes a smart camera that you hook up inside your house, that communicates through the cloud, to enable you to operate your smart lock when you are not home and thereby allowing your delivered packages to not be left outside where potential thieves can make off with your booty.

The article (in the source below) includes a video that explains what they are trying to do.
Now, there are privacy concerns undoubtedly and as a professional locksmith and security products installer, I would highly NOT recommend this type of service. We provide premium quality security products aimed at keeping you secure from unauthorised entry. This system will decrease the security of your property.

Given the news in the last couple of weeks that WiFi routers are being hacked with the KRACK hack and the recent knowledge about the Blueborne Bluetooth Hack, combined with installation and operational issues, namely smart locks that refuse to lock correctly because your door may be misaligned, the batteries may be flat, the cheap electronics prone to humidity and other weather phenomena, would you really consider giving access to your home to an unknown courier? Even if you could see them?

Many people choose to have an alarm system on their properties. Are you going to switch the alarm off too?

I personally lock my door physically by hand with my mechanical key and am happy in the knowledge that my doors are secure and that no one without my authority can enter. Of course I choose to use the fabulous Bilock-Extreme Security restricted key system on my doors. Bilock is the first 100% bump proof and virtually pick proof pin tumbler system on the market. The color coded keys make identification of keys really easy too.

There are a few other types of systems available from many other locksmiths around the country and the world. Simply talking to your local locksmith professional can save you plenty of money while offering great protection at very reasonable cost.

If you want Amazon to enjoy access to your private home....go ahead and join the revolution against proper and adequate security.

(source...) 

New Digital 'Hurricane' Churns Gathering Strength To Land Blow On The Internet

In a follow up to our post earlier this month about the KRACK hack, an article yesterday in The Sacramento Bee titled "New Digital 'Hurricane' Churns, Gathering Strength To Land Blow On The Internet" describes a paper by Check Point Software, an Israeli Cyber-Security company, that suggests, " The next cyber-hurricane is about to come".

According to the article (in the source below), Several cyber-security researchers Monday confirmed Check Point’s findings, saying the botnet could replicate, and perhaps dwarf, the Mirai botnet that almost exactly a year ago took down major websites on the Atlantic Coast, crippling a part of the internet’s backbone and slowing traffic to a crawl.

The botnet, which has been named either “Reaper” or “IoTroop,” was first detected in mid-September. A Chinese cybersecurity firm, Qihoo 360, says the botnet is swelling by 10,000 devices a day, forcibly recruiting foot soldiers in an ever-larger invisible rogue army.

Cybercrime gangs form botnets by infecting internet-enabled devices, often wireless cameras or routers with weak security features. Once corralled, controllers can send commands for the botnet to overwhelm a target, knocking its website off line or crippling the internet.

The new botnet has spread across the United States, Australia and other parts of the globe, researchers say, although Check Point notes that “it is too early to assess the intentions” of those propagating the infection.

“It could be something that’s meant to create global chaos,” Maya Horowitz, threat intelligence group manager at Check Point, said in a telephone interview from Israel. “But it could be something that’s more targeted,” perhaps aimed at a country or industry.

She said it is unlikely that cybersecurity experts will be able to halt an eventual attack.

“The chances are pretty low for that,” Horowitz said, adding that like an epidemic of infectious disease, “each infected device is looking for other devices to compromise.”

The article goes on to discuss recent events that took down the internet this year.

We continue to advise our clients to be vigilant about their security products and especially the many internet controlled door locks currently on the market. 

More specifically we are advising consumers to prefer to use mechanically keyed products that do not connect to the internet, to adequately protect their properties.

While we see and agree, that "connected" products can help to offer some access control parameters, we feel that, at this time, the security protocols incorporated in many of the "cheaper" consumer products, are not up to speed and security and could potentially be an easily bypassed issue that will affect the security of your home or office.

Being in the lock and security product industry for the last 35 years and having plied the trade on 4 continents, we continue to advise our clients that mechanical "keyed" operated security products offer substantially better security than many of the current breed of IoT products coming to market.

Even with the many brands of digital code locks currently available, many consumers fail to understand that sharing of access codes presents a greater security issue than having and using a mechanical key. A code once shared, means that you really do not know how many different people have access to your property. Unlike the mechanical key, which requires to be duplicated, a code does not. Sure, you can just change the code, but how is that different from rekeying a lock cylinder?

The difference is that locksmiths have been providing high-security restricted key systems for many years that almost completely prevent unauthorised duplication while providing better quality - higher security components to thwart picking or bumping or other non destructive methods of entry.

Bearing in mind that the cost for a mechanical key operated security product is substantially competitively priced, compared to 'digital' code locks, you can be virtually assured that your property is significantly more secure, while still being affordable.

The video above describes what a bot is and why they are becoming increasingly troublesome to our society today.

Contact your local professional locksmith for competitive options that can increase your properties security at minimal cost.

(source...)

Settlement In Ignition Lock Class Action Lawsuit - $120 Million In Damages Awarded

We have talked about the Ignition Lock Debacle, a few times over the last few years and the subject has sparked much discussion across industry and wider forums online, offline and through the media.

An article (in the source below) we were recently alerted to, explains that last Friday a settlement was reached between GM and 49 states attorneys-general (Arizona was the only state to not join the action).

The class-action suit brought by nearly all states was filed in reaction to GM's 2014 recall of nearly 9 million vehicles that had trouble with their ignition switches.

The lawsuit alleged that GM and high-level employees knew about the problem as early as 2004, but waited many years to recall it's vehicles, all the while marketing their vehicles as safe and reliable.

The $120 Miliion dollar settlement, apparently ends this case.

(source...)

According to the article, GM agreed to several terms:

• Not represent that a motor vehicle is “safe” unless they have complied with the Federal Motor Vehicle Safety standards applicable to the motor vehicle at issue.
• Not represent that certified pre-owned vehicles that GM advertises are safe, have been repaired for safety issues, or have been subject to rigorous inspection, unless such vehicles are not subject to any open recalls relating to safety or have been repaired pursuant to such a recall.
• Instruct its dealers that all applicable recall repairs must be completed before any GM motor vehicle sold in the U.S. and included in a recall is eligible for certification and, if there is a recall on any certified pre-owned vehicle sold in the U.S., the required repair must be completed before the vehicle is delivered to a customer.

Breaking News - August Lock Acquired By Assa-Abloy

Breaking News:

August Lock Co. acquired by Assa-Abloy.

In a shake up of the lock manufacturing industry, reports are surfacing about the August Lock Company being sold to the worlds largest lock product manufacturer Assa-Abloy.

The sum of purchase is as yet undisclosed and the expectation is that regulatory approval will happen before the end of the year.

The August company launched in August 2013 after a crowdfunded campaign by it's inventor Yves Behar. The company led by CEO Jason Johnson will continue to operate independently until fully absorbed by the Assa-Abloy behemoth.

Yale, one of Assa-Abloy's oldest purchases and the company who first patented the modern pin tumbler lock system back in 1865, have also manufactured some high quality, yet competitive priced "smart" lock products in recent years. Many of their offerings are fairly reasonable quality and we like to recommend their products for their longevity, ease of use and aesthetically pleasing properties.

August modified their product offerings in the last couple of years, adding complimentary products to their initial door lock line up.

August were one on the first in a large group of crowdfunded inventors, to go to market with their door lock. Initial bumps appeared, as is common with many electronic products today, but they seem to have dealt with the issues along the way, professionally and quickly. That is a sign of an engaged operation, passionate about their offerings and concerned with the customer experience.

Many of the other large lock product manufacturers have released wireless electronic lock products to compete in this continually expanding market and we expect to see a number of additional startups get swallowed by the major industry players, before long.

(source...)

KRACK - Dangerous WiFi Security Flaw Discovered. And It Affects ALL WiFi Devices

Breaking News - The above video made by a CNN reporter, explains a recently surfaced issue with WiFi.

WiFi is almost synonymous with anything Internet related today, in the the modern age of the Internet Of Things.

Almost every household in much of the civilized world has access to or uses some version of wireless computer connections, in everything from cellphones to laptop computers to desktop computers to wireless security systems including but not limited to door locks, alarm systems, lighting controls, thermostats or even your door bell.

We are also not immune to surfacing issues with wireless products and within this blog, we have also touted certain products that may use WiFi to assist in access control or security.

While we have reduced our penchant for recommending wireless security products in the last couple of years, we still will recommend some products and mostly those that are not WiFi connected.
We recently became aware of a security flaw in Bluetooth products too, which we wrote about last month.

We continue to sing the praises of mechanical security products, like physical door lock systems, often recommended and installed by professional locksmith technicians.

Products like our Bilock - Extreme Security Restricted Key Systems, that are 100% Bump Proof and virtually pick proof. They use unique color coded heads to easily identify different keys. Lock systems can be master-keyed easily and still offer premium quality security, when many competing brands actually reduce perceived security of your locks through master-keying. It is quite well known throughout the wider industry, as well as hobby groups, training institutions etc. that master-keyed lock cylinders actually reduce an access points security by using multiple pin stacks in cylinder chambers.

Bilock, does not. There is only one pin per chamber and no top pins. This makes bumping, physically impossible and picking virtually impossible.

There are other brands of mechanical lock and key systems that do offer comparative security, like Abloy Classic, Protec, Protec II and a few other non pin tumbler type systems too.

With the current day desire by many consumers to incorporate access control products into their lives, intending to reduce the need to hand out a key to their children, partners, residents and visitors, the increase in sales of wireless, battery powered lock products, alarm panels, remote controls continues to increase annually.

In another video, over at Fortune magazine, it explains that some software manufacturers have developed patches for current products already in the wider market......






But, even though we should feel somewhat thankful that the providers of our Internet products are proactive with their responses to these new found security issues,

What about the thousands of other products already out there that are vulnerable to this KRACK WiFi security flaw?

Sometimes, I think many of these security flaws are deliberately released, after consumers have already invested in the latest and greatest, you beaut gadget. In a rather crude attempt to get consumers to spend more money again to protect themselves.

As a locksmith, concerned with offering my customers premium quality products that actually provide long term protection, I continue to write articles explaining the reasoning behind mechanical physical security products, that STOP any chance of wireless security loopholes.
Many products that I and my fellow locksmiths continue to offer and rely on, are designed to protect you for the longer term, are significantly more competitively priced, designed to last considerably longer, while minimizing maintenance for the homeowner, resident or tenant of a dwelling.

(source...)

Breaking News - Rumors Abound that The National Locksmith Magazine Have Closed Down

Rumors abound that The National Locksmith are or have closing/closed down.

Their site continues to indicate about their October 2017 issue.

The report is at this time unsubstantiated.


EDIT: 10/17/17 We have received confirmation from sources within the ILA (Institutional Locksmiths Association) and ALOA (Associated Locksmiths Of America) that this rumor is no longer just a rumor, but indeed a fact.

Since 1929, The National Locksmith Magazine has been a stalwart rage for the wider locksmith industry across the world.

Succumbing to the Internet Age is not surprising anymore.


Many of the brand names and product manufacturers are sourcing their advertising elsewhere today and TNL is but one of a long list of current companies who have been unable to transit from print to electronic media.

While it is sad to see another industry stalwart disappear, we must thank them for the many years of service to the locksmith community and wish them the best in future endeavors.

New Award - We Enter The Hall Of Fame

10 years in a row, we have received the above award.
Now we enter their hall of fame.
We consider ourselves a best practise company. We endeavor to provide our clients with premium quality products and services at competitive costs.
Occasionally, we receive a little recognition, which keeps us optimistic for the future and our passion for this trade alive.

(source...)