I understand where Level is coming from with this response, but cybersecurity has taught us better.
Yes, less than 10% of attacks use this exploit, but now that it’s public that you’re vulnerable to it, you become a target for 100% of attacks involving this exploit.
So for instance, if the delivery address of Level customers leak (and given the security of their physical locks, I would say them having bad cyber-security practices is not something too far-fetched), a malicious attacker would essentially have a database of home addresses with users that have bought a $300 locker that he can break into with the help of any YouTube tutorial
I don't expect a $5 to try to do much beyond preventing someone from accidentally opening the door. I do expect a $329 lock to not skimp on basic features to cut a dollar off the BOM.
I remember looking at this lock. I really wondered how strong it was because the battery is in the deadbolt. How easy would it be to smash the door open?
I never even considered a bump key might work. And raking? It’s like they’re not even trying.
You’re right with the $5. This now sounds like a $5 lock with automation around it. I’m not saying it needs to be the best lock on the market but come on.
And Level’s response is just sad. It’s very clear they got caught flat footed (shouldn’t happen) and are trying a bad move-the-goalposts to save face.
By their argument you don’t even need a key. Just let someone insert an Allen wrench to turn the bolt directly! No one breaks into houses that way. It’s secure!
So long as the battery is on the inside piece, it really isn't much different from a manual deadbolt. There's some extra gears and the motor, but they're going to be behind plates of metal- if you are taking a crowbar or hammer to one, you'll make enough noise that you might as well just break a window.
On the other hand, a super distinctive deadbolt on your front door that is known to be easy to open with a bobby pin is basically anti-security as you are advertising that your home can be entered without leaving a trace.
If you’re gonna have your house robbed anyway you might as well save on the lock. Even better if you don’t add your name to a database of people with weak locks.
Yes, less than 10% of attacks use this exploit, but now that it’s public that you’re vulnerable to it, you become a target for 100% of attacks involving this exploit.
So for instance, if the delivery address of Level customers leak (and given the security of their physical locks, I would say them having bad cyber-security practices is not something too far-fetched), a malicious attacker would essentially have a database of home addresses with users that have bought a $300 locker that he can break into with the help of any YouTube tutorial