" it can be broken into with nothing more than a screwdriver" yeah right...but you still need key with right identification to set up the cylinder? or am I missing something?
The part where the attacker modifies the lock from outside (or actually modifies the mechanical arm near the entry of the keyhole) allows moving away from the lock to wait that an authorized key has been used and then the lock will stay forever in state where any key shaped object can open it. The only easy way to verify this hasn't been done to your lock is to always keep two iLOQ keys with you. One that this the real key you use and an another that is key that has not been authorized to do anything. And after every application of the real key, you must check that the non-authorized key cannot open the lock after the authorized key has been used.
I wouldn't call it a security vulnerability if you need the authenticated key first in order to do this... Why would someone with the key want to even do this?
The idea is that someone can "prep" the door for a vulnerability. The homeowner then uses their key normally to enter their house, oblivious to the tampering (which is almost completely unnoticeable). Once they leave, the lock will not actually lock and someone can open the door with a screwdriver at a later date.
You mis-understand. You can (trivially) tweak the lock so that it never locks properly again. So, you nobble the lock, then come back a (few minutes, day, week, years) later, and gain entry with a screwdriver. As long as only valid keys have been used after you nobble it, your attack will work.
However, the attack also fails if the first key entered in the lock after the modification is not an authorized key - in that case the lock will enter locked forever state.
@@qq84 Yes, one *authorized* key after the manipulation is all you need. However, if the next key entered is *unauthorized* key, the lock will fail closed and no key will open it. Paranoid iLOQ users still using the old version should always try to open any door with known bad key first. Current version of this lock is claimed to have some modification that's supposed to fix this vulnerability but I haven't found any publicly available information about the supposed fix.
@@MikkoRantalainen No, 1. if you manipulate the lock, it can't close anymore and will get opened with any key/screw driver forever. ...or until someone uses a tool to reset the lock like shown in the video. 2. If you manipulate the key, the next intact key will reset the lock.
If you have a "service key", then you will be able to open the door in a state where you have access, do your real jobb, and then come back later using the screw driver, to break in. Right, that is a situation you could see?
Not just that, you just need to "borrow" the key from someone or cut the plastic reset lever before someone uses it and you are able to enter with a screw driver.
@@犬用下着ソース入り消臭剤 The whole company name is ASSA Abloy Group but Abloy was a Finnish lock company before the merger and they often keep using only the Abloy name in Finnish marketing. Most Finnish people do not know the ASSA name at all.
They are used because you can easily set zones in software and dont have to make different locks for different doors. You can just program the key to the zones you wish to give access to and thats it. Also ILOQ is not a prototype in 2022.. (its 2023 now) Its a well established product with lots of customers and proven safety
Fact of the matter is, it's a pain in the neck to simply walk up to and mess with. Most people breaking into your home through the door lock will not likely get this open in the time they need. A good crook just shims the top of your garage door and pulls the emergency latch with a coat hanger, who locks the internal garage door right? Some people just go through the wall out back, not much to cut through really, it can be done silently.
title: "broken into in under a minute" video: all you need is an authenticated key modified to fuck up the lock, and after that you can open it up with anything Yeah, that sort of applies to basically 100% of locks that use keys.
Thumbs up if you want to see once of abloy padlocks picked! I've heard plenty of stories about old versions of abloy lock to be picked. Wish to see it on youtube!
where did you get this "millions of people using this" statement? i think abloy is far more used than this lock.. i've seen these locks few times but not too much..
Millions is pretty extraordinary claim as there are only 5 million people in Finland (with around 2 million homes). And the locks are quite rare to be seen outside Finland. It'd say these locks are used by maybe tens of thousands of people.
@@jukka-pekkatuominen4540 Probably a over statement but you forget, not only home owners use this keys. Here in Raasepori almost every building owned by the municipality uses Iloq, that is for the main door and doors inside of buildings. So at least a 100 buildings and between 1-20 keys per building. I know that is not a million, but Raasepori is not the only municipality that uses these locks.
@@nattenaniel The claim was that "millions of people" use this key. Not that it is used in millions of doors. Like I have iLog and I use it for 5 doors (2 exterior doors, 2 storage room doors and 1 apartment door). That is still only 1 person using the key.
If you want to see Abloy lock picking in action, see channel called idanhurja: ru-vid.com/show-UCWxEjLvOEnXRLrlttQvqMvg That Finnish guy has picked Classic, Exec, Sento, Protec 2 and Easy. With totally hand made tools!
I was recently testing a box full of new key copies made for the same iLOQ lock. Maybe 40 keys or so. Only about half of them worked properly and we tested/used them properly. I fully agree, the lock technology is irregularly working shit and I don't like it. The same problems have existed in another case too but less keys involved. 25% had to be replaced then. Very annoying and time consuming.
I know your msg is old but iLoq now has a thumb turn that is unlocked and powered by your phone, but mechanical locks are not about to go anywhere anytime soon.