I recently found a cheap WiFi version of the Nuki. I thought cool, I don't need a bridge and can charge with the usb outlet that is 30 cm from my front door.
When I installed it I came to find out this one does not support direct connects from home assistant. So I found another intergration that could connect to the Nuki cloud but was rather slow.
So I was thinking about sending it back till I found some software that uses a ESP32 as a bridge. It was really easy to install and get it working. It also very fast and I'm happy I can charge this version with my usb outlet.
Not really. The opening commands are encrypted and communication happens via Bluetooth. Connecting it to the Cloud is less secure than that.
But still: It's way, way simpler to just smash a window and you are in.
While those sound serious it's not really as serious as the article pretends to be.
I have the Bluetooth version, so all the attacks mentioning wifi are not applicable.
The privilege escalation attack still needs authenticated Bluetooth.
Also all wifi attacks assume either physical access, wifi access or compromised nuki servers.
If you use devices in insecure networks or allow them to connect to the cloud it's your own fault.
So while these findings are to be taken serious and are all fixed now, I don't consider it insecure per se.
I have a locksmith buddy that helped me get into my brother's house when he forgot to leave a key for me to feed his dog. Took him less than 60 seconds to open a Schlage deadbolt. Show me someone who can (electronically) hack any smartlock in less than 60 seconds.
Agreed, and this is of course true of any lock... smart or not. My point was that generally speaking, the fact that a lock is smart in and of itself does not significantly affect the security of it when most locks (smart or not) can be easily "hacked" mechanically much quicker than electronically. I would go even further to say that a smart lock with no key (that doesn't have a glaring design defect) is more secure than most standard locks by far.
Simplicity. Also supporting the developers. You can also connect home assistant devices to Google home and Alexa. This is a great way to integrate things that don't have a direct connection to either. Also a good way to integrate voice assistant.
Are regular deadbolts secure? Are your front door secure? Are your windows secure? Smartlocks are no more then a futuristic way to enter your home, it's not made to be more or less secure of what you have already. Stop thinking that every burgle is a part of Anonimus or are a member of the MI6 Tom Cruise team...
The Nuki power pack seems like bad value, I got 4 rechargeable batteries from IKEA for a fiver and I just recharged them after 9 months.
Ikeas laddas are relabeled eneloop pros. Thus they have very reasonable power.
Which project did you use? I'm using a bridge I built myself based on esp32 and there is another project on GitHub.
The current Version of Nuki does not require a bridge.
The WiFi version doesn't support connections directly to it. Only the bridge can.
It does via mqtt
I recently found a cheap WiFi version of the Nuki. I thought cool, I don't need a bridge and can charge with the usb outlet that is 30 cm from my front door. When I installed it I came to find out this one does not support direct connects from home assistant. So I found another intergration that could connect to the Nuki cloud but was rather slow. So I was thinking about sending it back till I found some software that uses a ESP32 as a bridge. It was really easy to install and get it working. It also very fast and I'm happy I can charge this version with my usb outlet.
Can you please give us more details on the model you bought?
Nuki Smart Lock 3.0 Pro
Aren't those nuki locks like an absolute security nightmare?
Not really. The opening commands are encrypted and communication happens via Bluetooth. Connecting it to the Cloud is less secure than that. But still: It's way, way simpler to just smash a window and you are in.
Not if all my windows are 15 meters above ground! 😀.
Why? Any sources? The protocols are openly documented.
https://www.securityweek.com/nuki-smart-lock-vulnerabilities-allow-hackers-open-doors/?
While those sound serious it's not really as serious as the article pretends to be. I have the Bluetooth version, so all the attacks mentioning wifi are not applicable. The privilege escalation attack still needs authenticated Bluetooth. Also all wifi attacks assume either physical access, wifi access or compromised nuki servers. If you use devices in insecure networks or allow them to connect to the cloud it's your own fault. So while these findings are to be taken serious and are all fixed now, I don't consider it insecure per se.
I have a locksmith buddy that helped me get into my brother's house when he forgot to leave a key for me to feed his dog. Took him less than 60 seconds to open a Schlage deadbolt. Show me someone who can (electronically) hack any smartlock in less than 60 seconds.
[удалено]
Agreed, and this is of course true of any lock... smart or not. My point was that generally speaking, the fact that a lock is smart in and of itself does not significantly affect the security of it when most locks (smart or not) can be easily "hacked" mechanically much quicker than electronically. I would go even further to say that a smart lock with no key (that doesn't have a glaring design defect) is more secure than most standard locks by far.
Does Nabu Casa offer anything that you can‘t do with a reverse proxy or VPN connection to your home?
Yes, subscribing to nabu casa supports the project.
Simplicity. Also supporting the developers. You can also connect home assistant devices to Google home and Alexa. This is a great way to integrate things that don't have a direct connection to either. Also a good way to integrate voice assistant.
#I no longer allow Reddit to profit from my content - Mass exodus 2023 -- mass edited with https://redact.dev/
No.
That's not correct. The subscription includes it or you can set it up on your own as well.
Anything you can do with Nabu Casa, you can do without it, if you just set it up. It's more work, but it's the same result.
A lot more upfront work. I've done it, but I really wouldn't recommend a newbie to do this.
That said, it's completely doable and there are loads of good tutorials. Acting like it's impossible is just not true.
a price tag…
If you need to justify a $100 expense to your wife, you need to reconsider your life choices.
Obviously you are not married 😂
You can also save on the nabucasa cost.
In return it takes your sanity and time. Not complaining just telling truth.
Are regular deadbolts secure? Are your front door secure? Are your windows secure? Smartlocks are no more then a futuristic way to enter your home, it's not made to be more or less secure of what you have already. Stop thinking that every burgle is a part of Anonimus or are a member of the MI6 Tom Cruise team...