Unbreakable smart lock devastated to discover screwdrivers exist

Tapplock: Once, twice, three times a screwup


And now... opening the back

YouTuber JerryRigEverything was one of the first to review the lock, and approached it in a purely physical way – scratching it, trying to snap the back off, etc etc.

He was fairly happy with it until he took a serious cutter to the lock to see what was inside and discovered… that the back is literally screwed into the body. He went out and bought a second lock and then stuck a GoPro mount to the back of it, discovering, to his amazement that it simply unscrewed "like an expensive cookie jar."

Youtube Video

That gave access to the back of the lock and to what were bog-standard Phillips head screws that could remove using, you know, a screwdriver. Once inside, it was trivial to pop the lock.

JerryRigEverything concluded that it would be possible to crack any Tapplock within physical reach in under 30 seconds using nothing more than a mount and a screwdriver.

Followed an amazed response – and over a million views – Tapplock responded that the lock has a metal pin inside that is supposed to prevent the back panel from rotating.

"Tapplock has said my particular unit is defective, and should not have come apart that easily," he noted before generously adding: "It seems to be more of a defective unit situation, instead of a poor design situation. Tapplock said they have reviewed the quality control and found no other defective units."

Even if that is true, and JerryRigEverything had somehow stumbled on the only Tapplock in the world where this pin didn't actually work, it still leaves the issue of the screws that can be opened with a normal screwdriver. We're told the gadget maker will in future use proprietary screws, and will check to make sure the pin is in place.

Also, if anyone can rotate the back off their lock, they should contact Tapplock for a new one.

Indienono

Companies serious about security – which tends to include lock manufacturers – will usually use custom screws requiring custom screwdrivers. It costs a little more but it results in a higher quality product, for obvious reasons.

In short, there is significant evidence that Tapplock has struggled from day one to provide what it promised. Not exactly the first time that an Indiegogo-funded idea has fallen short when the people behind the idea don't have the experience or expertise to actually deliver.

But even in the long and inglorious history of user-funded hardware (wonder how that Ataribox is going?) the Tapplock stands out as having failed miserably to fulfill its core goals – in this case, security.

But that's not all. With Tapplock having seemingly done such a good job marketing its useless lock, there is actually already a Tapplock knock-off that is even less secure that its inspiration. How is that even possible?

The manufacturers of this gem of a lock have actually put a screw on the outside of the lock that allows you to access its guts.

When another lock-testing netizen made the manufacturer aware of this, it provided a response so amazing that it's almost impressive.

"We designed this fingerprint lock of againsting [sic] theft," it begins. "However the lock is invincible to the people who do not have a screwdriver."

If it was easy, folks, other companies would already have done it. We'll wait until someone who knows what they are doing comes out with a fingerprint lock. ®

Similar topics


Other stories you might like

  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
    Nearly 60 holes found affecting 'more than 30,000' machines worldwide

    Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

    Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

    The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

    Continue reading
  • 1Password's Insights tool to help admins monitor users' security practices
    Find the clown who chose 'password' as a password and make things right

    1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product.

    Available to 1Password Business customers, Insights takes the form of a menu addition to the right-hand column of the application window. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.

    "We designed Insights from 1Password to give IT and security admins broader visibility into potential security risks so businesses improve their understanding of the threats posed by employee behavior, and have clear steps to mitigate those issues," said Jeff Shiner, CEO of 1Password, in a statement.

    Continue reading
  • Inside the RSAC expo: Buzzword bingo and the bear in the room
    We mingle with the vendors so you don't have to

    RSA Conference Your humble vulture never liked conference expos – even before finding myself on the show floor during a global pandemic. Expo halls are a necessary evil that are predominatly visited to find gifts to bring home to the kids. 

    Do organizations really choose security vendors based on a booth? The whole expo hall idea seems like an outdated business model – for the vendors, anyway. Although the same argument could be made for conferences in general.

    For the most part, all of the executives and security researchers set up shop offsite – either in swanky hotels and shared office space (for the big-wigs) or at charming outdoor chess tables in Yerba Buena Gardens. Many of them said they avoided the expo altogether.

    Continue reading

Biting the hand that feeds IT © 1998–2022