Schneier on Security
A blog covering security and security technology.
May 16, 2013
Bluetooth-Controlled Door Lock
Here is a new lock that you can control via Bluetooth and an iPhone app.
That's pretty cool, and I can imagine all sorts of reasons to get one of those. But I'm sure there are all sorts of unforeseen security vulnerabilities in this system. And even worse, a single vulnerability can affect all the locks. Remember that vulnerability found last year in hotel electronic locks?
Anyone care to guess how long before some researcher finds a way to hack this one? And how well the maker anticipated the need to update the firmware to fix the vulnerability once someone finds it?
I'm not saying that you shouldn't use this lock, only that you understand that new technology brings new security risks, and electronic technology brings new kinds of security risks. Security is a trade-off, and the trade-off is particularly stark in this case.
Posted on May 16, 2013 at 8:45 AM
• 65 Comments
How different would this be from the car doors that unlock when you touch them (as long as the key fob is within range)?
Seems much the same to me, at least from a layman's viewpoint. That would imply it's not "brand new", thus the initial kinks have been worked out? (not that that provides assurance that there aren't unknown issues still present, of course)
I wouldn't trust it if only because it's from Kwikset...
As to Mark's question, I think a key distinction is that with remote car entry you have to have pre-authorized, pre-coded fobs. With this system, in addition to giving you a fob, they enable it to recognize a smartphone and to use the internet to conditionally pass keys to others. This opens up a large range of possibilities in which vulnerabilities could be discovered above and beyond what is now done with cars.
I don't see how this is much different from electronic locks and keycards already used in e.g. office buildings or indeed most high security facilities.
Considering most locks on the market are quite easy to pick anyway, even a poor solution wouldn't necessarily be that bad.
The real challenge with this is key management, and auditing. There's the potential for these things to become a very good solution. Proprietary, vendor specific protocols are probably the biggest obstacle for this.
These guys do a similar thing with an adaptor for existing locks. I've been waffling on trying to order for a few months. https://lockitron.com/preorder
Great fun, until the day the vendor annoys Apple who then pulls the app from the store and all devices... just as you're getting home from work.
Or you annoy Apple and they brick your phone.
Why not put a blue light on it to let people know what type of lock you have from a distance....
The closed, proprietary nature of all these drives me a little crazy. I want a deadbolt like this that I can send signals to, so I can do things like remote lock the house, or do the nighttime shutdown of the house, etc. It is really hard to find a sanely priced install-able deadbolt device like this that is open. Well, impossible so far.
@Mr Paul, you may be secure with your auto deadbolt, but will you feel secure without manually testing the doors and windows?
I'm working on adding sensors to all of them. That would be sufficient for me. The threat is not people who could hack my sensors and fool me.
They keep boasting about how great their encryption is, but I'm curious if these things could be susceptible to replay attacks. Plus, they mention 1. if an authorized person has entered the house, someone trying to use the same (i.e. compromised) account cannot enter the house while they are in there. and 2. If you log into your account on a new device, it automatically disables the old one. Doesn't this all mean that if your account is compromised while you're out and someone breaks in with it, you're now locked out of your own house?
(Of course, maybe this could be a security "feature", since it's probably safer not to enter your house while it's being robbed anyway)
I worked at a place that made electronic door locks for hotels. I pointed out to them that the lock could be easily opened using a modified keycard. Did they appreciate it? Hell no. They threatened to fire me and didn't fix the problem.
The Kwikset website says that it can't be hacked because it's all encrypted with military grade stuff (which we all know is better than civilian grade).
Sign me up and take my money.
I find it more interesting that new inventions are invariably met with cynicism. Sometimes people just shoot down stuff without even understanding what it is or what problem it solves. Security is one of the worst fields of all for innovation. Move the furniture and they will attack like rabid dogs. Especially notice how new inventions are expected to overcome problems that existing solutions don't even fix. A car that gets 80mpg? Yeah, but does it fly and park itself? Who needs it, I'll keep my old car.
And it's no different on SharkTank or other stupid spectacles like that. Investors don't have a clue what is or is not a good idea. They wait until someone wants to buy it and then suddenly magically they seem to "get it," just as soon as the aroma of money is detected. Same with the gov't.
The military is using AES nowadays, and AES is (theoretically) broken. I am so confident this lock is secure.
I rather suspect that the residential home this is designed for has some rather more serious security flaws than cracking AES.
This lock may or may not be trivially hack-able due to flaws (remains to be seen), but some perspective on its risk environment is in order.
And Simon, it is a security-centric blog. For many people here skepticism on new products is their job.
@ Alan Kaminsky
"The military is using AES nowadays, and AES is (theoretically) broken. "
I find such objections to be almost pointless. The AES system does its job and probably will for countless years. Hence, it's a decent idea for security. Of course, I'm all for using stuff that's high quality, yet not mainstream. (Twofish, Serpent, Salsa, etc.)
So do I read this right and it still has an old fashioned key as well, the phone function is "just" an add on? Meaning it still can easily be opened the old fashion lockpicking way?
If remote deactivation of keys is possible (and the lock isn't online itself), this means the app must contact a server whenever the user wants to open the door. So your phone has to be online and you will have a big brother who knows whenever you've opened (or tried to open) the door.
I had that idea several years ago -- before 2009. It's called Authentication Messaging Service, published too... And it has additional security measures.
I find that the tradeoff is a little costly. Given, it does help easily secure the car or house. Opening up becomes cumbersome. First of all, you need to keep the phone or other device battery charged at all times, then you need to unlock your phone using your long security code, then am sure the app has a pin if it is worth its salt, then what? Type some command or press a button to choose which door or window you need opened, or all of them. Phew. After a few times going through this, a typical human will disable some steps. Back to square one or override to manual.
[...] Security is one of the worst fields of all for innovation. Move the furniture and they will attack like rabid dogs.
The reason people criticize new security solutions or gizmos is that new things invariably have flaws. It takes a long period of refinement to find and fix the flaws in a new product. This is not particularly important if the product is a DVD player or espresso machine, because if it isn't severe, most people can work around it. With a security product, an opponent can exploit a flaw intentionally. I can live with my tea kettle's whistler gizmo falling off (this has happened to me recently), but a door lock that reveals that my house is unoccupied (note--just a hypothetical flaw) would not be so swell.
Also, the fun part about security is trying to spot the potential flaws. In fact, that's what separates security people from the rest of the population. Whenever I see some new "innovation" (e.g., do-it-yourself scanners at the library) the first thing I think is, "how could I use this to violate the rules/law/etc.?"
and oh, this is for Mr. Paul.
I think everyone is missing the point. It's all about trade offs. Unless you have iron bars on all the windows and super secure doors. I can either smash the window or use a crowbar and be in in a couple of seconds. This lock won't make it any easier or harder than it was before.
Bobbly, if you click through to the actual product, it has a fob as well, with no code; I presume similar to the proximity key tech in cars. In that case just touch the lock. Actually, I'd rather be able to do it by kicking the door (gloves, full hands, etc).
Hmm it uses Bluetooth...
RF DoS (jamming) anyone?
As for AES whilst the theoretical break @ Alan Kaminsky pointed to is valid, it currently makes only a minor reduction in the theoretical security margin which is otherwise still high (for the moment, as Bruce has pointed out attacks don't get worse with time).
What would concern me with AES or for that matter 99.99...% of crypto algs on "embedded systems" implemented by ordinary electrical/electronic engineers and code cutters is side channels in all their nasty little forms.
Basically whilst a crypto algorithm may well be "theoretically secure" or have a high "theoretical security margin" the world is a practical place and it's the "practical security" rather than the "theoretical security" that counts, especially on your front door.
It is known that many implementations of crypto algorithms are practically weak because they leak key bits via timing and other side channels. In a "privately wired" system exploiting timing channels would require physical connection that would be difficult or obvious with a battery powered door lock. However for "publicly wired" or "wireless" systems no physical connection to the system is required...
All that said the lock may well fail to any one of numerous attacks that electronic locks fail to including strong magnets and high voltage generators or high intensity radio waves from a hand held walkie-talkie etc, etc (the list is very long).
Oh and I know "security by obscurity" is frowned upon but this does not make the opposite a good idea. This blue glow ring whilst not a 10KW Searchlight pointing up into the sky is still easily seen by most people with even moderate eyesight. Physical security is very much about blending in not standing there like the Pope in full regalia giving a blessing.
So as Bruce notes you need to look at the cost / benefit, and for me the potential (security) and actual costs far outweigh the (for me) non-benefits it would provide.
Oh one last thing the developing company "UniKey" is not (as far as I can tell) related in any way to a much older Hotel and entertainment electronic lock manufacturer "UniQey". And thus it might well find itself on the wrong end of an infringement case and be out of business or re-named.
Yes Paul, I did. Was referring to your custom dead bolt. Good observation.
"I had that idea several years ago -- before 2009. It's called Authentication Messaging Service, published too... And it has additional security measures."
Nice work on your patent and other technical papers. However, the patent has plenty of legalese I'd rather not read. Do you have a link to a paper about it for us non-lawyer types? ;)
Oh well, even if the lock is broken there is nothing some small print in the contract or other legalese high-tech can't fix to prevent the victim from claiming damages.
It would seem the Onity hack is still being used in burglaries.
In one case, pilot Ahmiel Fried told ABC 15's Adam Slinger that his wallet, laptop, iPad, clothes and suitcase were stolen from his Tempe hotel room, but the hotel refused to refund him because the theft was perpetrated by a third party and not a member of the hotel staff.
Another fine example of security theater.
@Thunderbird - you're just repeating what you heard. Do you think the stakes are any higher than in aviation or medicine? Decidedly not, and those fields don't suffer from the same mindless resistance as in security. The real reason is too ugly to look at.
... Actually, I'd rather be able to do it by kicking the door
Which is probably how the bad-guys will get in as well.
99 times out of 100 a size 12 boot will defeat 128-bit AES
The 'mindless resistance' comes from the fact that those other fields aren't defending against malicious intelligent attackers.
Usually a 99.9% solution is "good enough", especially if you add a warning/disclaimer about the other 0.1%
In security even a 99.999% solution gets you mercilessly hacked, and a warning label is just blood in the shark-infested water.
Aviation: "Dear Pilot, there's a problem with the auto-lander, please don't use it until we fix it".
Security: "Dear Hacker, please don't exploit this vulnerability until we've had a chance to replace all 1,000,000 hotel door locks".
See the difference?
I don't know where you get this AES stuff as they clearly state this in their web site:
"Kevo also provides multiple levels of military grade PKI encryption."
- Multiple levels
- Military grade
Cripes, this must be mind blowingly astounding securish product. Like the blue ring though. Looks cool. Maybe some case modders can utilize this as a lock for their computer cases? Or a boot lock when you're pimpin your ride?
"Compatible with iPhone 4s and 5 only."
Talk about vendor lock-in!
@Thomas - no, that doesn't make any sense. First of all, security technology used today is virtually unchanged from when attacks were far less. Second, your explanation is equally valid as motivation to conduct MORE development and aggressively innovate, not less.
@Thomas - gravity kills when a plane falls from the sky. A tiny failure in a control system or instrument can trigger cascading failures resulting in numerous deaths. And yet, look at the F35 and the 787, they're fantastic machines. And in medicine, infection kills hordes of people every year. But in security, even when a design is intended to prevent the mere disclosure of credit card information, the attitude remains 'oh no, better not change anything, don't do anything different, after all you can never really be totally sure.' Follow the money!
I always thought that even a simple level of "security" will discourage the multitude casual attempts at entry while also acknowledging that a highly motivated person can usually penetrate even the most "secure" wall.
All one wants to do is to stop most of the casual attempts and slow a dedicated attempt.
"So do I read this right and it still has an old fashioned key as well, the phone function is "just" an add on? Meaning it still can easily be opened the old fashion lockpicking way?"
If you're worried about old-fashioned lockpicking, and overconfident in electronic locking, you can always solder the keyhole shut.
Can it still be bump key'd? What's the use in attacking the BT/Encryption if you can bump it? Why is everyone here losing sight of the easier more obvious hole in the system... Complexity is the enemy of security, I see a fancy 250$ lock on your house, I bump it, I don't spoof BT and hope I can get in using replay etc... It's the analog hole I'd put my work on. Let the next one take a blood sample, if it has a key hole, bump it... the biometrics and or second factors are all trumped by the physical key.
You don't need key and iphone, it's one or the other. I'd suspect that plastic glowing ring possibly makes the lock brittle and even more ripe for a good whacking.
Also, what a pain in the ass to change batteries in a lock every so often, that is the part I'm most upset about. I've used locks like that, only they used a touch pad, got used 100 times a day, and used 2 AA's every month. I wonder how long those will last and how you'd have to replace them.
One problem that all security apps on smartphones have is that they also rely on the security of the other apps (and the OS) i.e. malware could transmit the security app’s secret keys back to the attacker.
I agree with your positive attitude towards innovation, but keeping the details of a crypto method proprietary will always invite criticism.
So, power. Or rather power failure. What happens? If the power to the lock fails (even if it has a battery built-in) does it auto-open, for "safety", or lock hard?
What if you are out and your phone battery runs out?
So, I still have to carry keys? Then what's the point?
@Mark Currie - agreed, but the proprietary issue is smoke and mirrors. Notice the demands on a startup to disclose all their source code and... just everything. But RSA? Cisco? Facebook? Google? These and countless others couldn't care less what you think about their source code. Go ahead and demand that MS publish the source code to Windows 7 and see what happens - "Badges? We don't need no stinking badges!"
Pioneers in flight risked their lives and often lost. The response by others was to try again, to correct the mistakes, to forge ahead. And that is precisely how we got to the moon. That's why I can get on a jet in Chicago and without any worries sip coffee at 35,000ft screaming along at 550mph, touch down in San Diego and get off the plane safely. But in security? The entire field is possessed by an anti-innovative attitude. Everything from the certification process to hardware, it's "don't change anything!" Guys like Nir Zuk are rare, rarer still in security.
Notice adversaries don't have any problem innovating, in fact they rather enjoy it. Ha, if you think we're being looted now, you haven't seen anything yet.
@ Nick P,
Do you have a link to a paper about it for us non-lawyer types? ;)
I did at one point -- but they were mainly "internal papers". One general use case was allowing convenient ways of say booking a hotel, checking in / out, paying the bill, entering the garage (locked), and unlocking the room key. All using nothing but the cell phone. So you avoid waiting in line, save the hotel the expense of door keys (magnetic cards, smart cards, etc...) -- NFC / Bluetooth / Zigbee,... could be the transport between the phone and the door lock.
for us non-lawyer types...
I think some of you would make pretty wicked lawyers (do I need to spell out who the top candidate may be?) :)
Lawyer$ attempt to write patents in a way that sometimes ambiguities and broadens the idea so much so, that if anyone else were to come up with an idea that even smells like it, they would be potentially infringing on that patent...
Break in through window
Steal Kevo Fob
Go to hideout
Reflash lock with new codes
"As our attacks are of high computational complexity, they do not threaten the practical use of AES in any way."
Yes, the referenced work is an historic achievement, and a great credit to its authors. Their attack reduces AES security levels by approximately 1 bit.
Every door with a lockset can be broken, cut, or jarred from its frame sufficiently to permit entry without defeating the lock itself. Typical entry doors in the US can be opened by an experienced burglar in seconds, without use of tools.
I recommend to all who are interested in the field of security, to learn about the vulnerability inherent in all achievable security systems, and how they work -- or fail -- in practice.
Ok, so I give this thing six months and we'll start finding some on eBay.
Next thing you know, they were broken into or mod'ed in some way and somebody finds their house empty
"NFC / Bluetooth / Zigbee,... could be the transport between the phone and the door lock."
The transport part actually sounds somewhat obvious. Already open car and garage doors with wireless tech. Apply same idea to hotel doors. Voila! Using a smartphone for it is more novel. The door part is also simple enough in function that it's easy to make the computer part very secure. Two partitions or two chips, transport stack and access/authentication system respectively, could do the job. I'd throw in a trusted update function. Although, if I know you, an SOC-type design would use a TPM for update and possibly also to bootstrap trusted software for increased flexibility. (Maybe lowered development costs, as well.)
"I think some of you would make pretty wicked lawyers"
My parents told me to be a lawyer. I should have listened. My field turned out to have a similar number of headaches and boring aspects, while making less money. Oh well. Life's full of potential for non-optimal choices. Plus, how many people can say they understand high assurance security engineering or contributed to systems that withstood skilled attackers? Point of pride, if nothing else.
" (do I need to spell out who the top candidate may be?) :) "
And he'd probably benefit most from the legal tradition of charging per page or document. He'd keep them flowing. ;)
So, power. Or rather power failure. What happens? If the power to the lock fails (even if it has a battery built-in) does it auto-open, for "safety", or lock hard?
If it's like most battery powered electronic locks it will use some kind of clutch mechanism to operate an existing mechanical lock. Therefore without power the clutch is unactivated and thus the mechanical lock will still behave as a mechanical lock, or at least it should on the principle of "least surprises".
Which means as you so correctly guess,
So, I still have to carry keys? Then what's the point?
Well I guess it gives "Fanboi" types something to play with other than themselves.
Although, if I know you, an SOC-type design would use a TPM for update and possibly also to bootstrap trusted software for increased flexibility.
You've got me pinned :)
@Schneier: "Anyone care to guess how long before [someone] finds a way to hack this one?"
Oh, if I were in a dark mood, I'd say, "Gee…hmmm…about 30 seconds after they decide they want in."
It used to be that you had stuff, and you got a house, and you put your stuff inside the house. Then, if you didn't want anti-social types like thieves taking your stuff, you had to put locks on the doors and windows to keep them out. Your stuff…your house…your responsibility.
Now we've entered a time when all these companies want to offer you a house to store your stuff. But they still figure it's your responsibility to lock the door and windows, only you can't because the means of modifying the doors and windows is carefully locked away from you.
These same companies are experts at keeping anti-social types out of their own stuff; so it won't be stolen. But it's expensive to protect your stuff and they'd rather have the profit, so they build as non-secure a house as they can get away with and, if your stuff is stolen, tell you, "It's the fault of the anti-social types."
And, of course, it is the fault of the anti-social types. But that's just an excuse, because the companies are still selling you a house you can't secure, and the company can't be bothered to secure. And when your stuff is stolen, they trot out the user agreement that says, "Not responsible for your loss," and shrug.
Now these people who made these locks, probably figure they aren't even worth making if they can't be made for .035 and sold for 15.00. Using that as a working assumption, they spent .035 securing that lock; and so therefore, it's pretty much assured that there isn't any real security there.
You can't blame them for the "military-grade encryption" hype. It's nonsense, but when I chat with people who know nothing about security (~99% of the world's population) military-grade encryption sounds impressive. 128-bits-AES sounds like gobbly-goop. If you're designing for the general public, tell them it's "military-grade-encryption". You'll feel dirty, but you'll wash that off with your extra money.
I've been thinking a Java iButton key for my house and car would be cool... :-)
"It's the fault of the anti-social types."
They are just hoping you don't know the meaning of "anti-social". It appears their hopes are justified.
There is a huge difference in liability between picking a lock and booting in the door, and it's in the evidence of forced entry.
If there's no evidence, it's much easier to claim failure (or fraud) on the part of the key holder.
@ Nick P,
Although, if I know you, an SOC-type design
I don't think this application would have sufficient production to cover SOC development costs.
However there are a number of SOC's for the smart phone market that have the required RF front end and control micro plus a well segregated second general purpose (ARM Core) CPU designed in such a way as to minimise battery consumption.
Mind you battery consumption is going to be the real killer in this design... You are going to need battery life to be upwards of 12 months for ordinary domestic use (say ten operations a day).
Look at it this way how difficult is it to design either a GSM CDMA2000 system that would stay on network for a year just on batteries? Likewise but easier WiFi in RX mode or even Bluetooth in RX mode is pushing the boundaries (Oh and in the US the added requirement for GPS for mobile network connection).
So I suspect the requirement to touch the lock is actually used as a wake up, power up and initiate comms to the iPhone.
If that is the case then if I remember correctly that is going to open up a potential attack vector...
Actually, ABUS has a very nice wireless doorlock (not bwootoof tho) which can be used as a "wireless key turning machine" for your old lock.
Security-wise it seems neither here nor there ( https://groups.google.com/forum/#!msg/cul-fans/QUUXAxAFlDk/L88_qJc9nZwJ ) but it has the benefit of looking like a vanilla lock, so as long as your threat model are "criminal opportunists who aren't pro-phreakers/hackers" (which is the default for a doorlock), you should be reasonably fine.
I've long wondered why the car manufacturers do not team up with a lock company to make a lock that works with their keyfobs so that you can open your front door with the very same fob that opens your car door.
Even finding another lock that works in the same fashion - turn the knob with a fob in your pocket and it automagically opens - is well nigh impossible. Besides this kwikset model, are there any others that have similar functionality (I don't care about the iphone part, that's just a gimmick as far as I am concerned).
@ Clive Robinson
"I don't think this application would have sufficient production to cover SOC development costs."
It wouldn't need to. Remember I've posted previously about the large number of COTS SOC's with Power, ARM and MIPS processors. Many have low power use, onboard crypto, OS board support packages, and occasionally wireless functionality. I figure an electronic lock developer using an SOC would just use one of those. The custom parts would be the control software and the board. Many embedded guys can do that pretty inexpensively. Then, there's the locking mechanism and aesthetics. Not my departments though so no comment.
"Mind you battery consumption is going to be the real killer in this design... You are going to need battery life to be upwards of 12 months for ordinary domestic use (say ten operations a day). "
Yeah. I think a better design is to build a connection to a powersource in the lock itself. Maybe put the locking mechanism beside the door. Facing the user is a minimal interface. On other side of the wall are the guts, including power connection. This would be a long-term investment due to modifications needed. And if it's batteries, there's always rechargeable batteries. ;)
This technology isn't exactly new, as commercial locks have been operating over wireless (including Bluetooth) for many years now. The access control industry is a bit more security savvy than many give them credit for. With the recent onset of FIPS201 and FIPS140-2 crypto requirements for government ID, many manufacturers have been forced to introduce the proper security training, engineering, and testing resources that were lacking in the past. This is good for both the security and access control industries. Manufacturers must follow the very public guidelines for these FIPS140-2 systems. I wouldn't consider the Federated PACS documents proprietary. Transferring FIPS best practices into a residential system is trivial, which is why I think the market will begin to see a new level of security packed into residential spinoffs. I think this lock is just the first of many more to come as the lock industry moves forward.
"Likewise but easier WiFi in RX mode or even Bluetooth in RX mode is pushing the boundaries"
It's very likely to be Bluetooth LE, which has some *extremely* low power mode available. It's more optimized for intermittent sensor reading rather than continuous connections. It's different enough that it isn't really backwards compatible at the protocol stack layer.
Android doesn't support it yet (I heard second hand that Google IO included an announcement of support) though a number of phones do include the hardware.
You also don't need to pay Apple a Made for iPhone licensing fee when you use it.
Security doors Melbourne are paramount to impart protection to your home from anti social elements . Crime is increasing immensely and it is important to take security steps for safety.
I've had good luck with the Schlage Link wireless locks. I've actually got them on all of my homes & also have a few at the office. *BUT* I use a MiCasaVerde VeraLite as my wireless bridge instead of Schlage's and their monthly-fee service. Works with any device that can access the web, sends me an e-mail whenever someone even plays with the lock keypad (and access is denied). Best of all, it's not in some central database/server somewhere. Already replaced the cylinder with a MulTLock, but I'll leave that for a future debate. I also like that it uses Z-wave, which is relatively obscure and not normally detectable. If I'm feeling uber paranoid I can block the port on my firewall when I'm away for awhile.
On the outside it looks like a regular Schlage non-networked keypad lock (although I can retrofit a regular Schlage handle if I get creative).
As far as power outages & such go, the Schlage lock itself runs on battery 24/7 and sends battery status reports to me via e-mail, so no issues there. It also has a hell of a long battery life as well. I think my office one is >2 years old now and still hasn't started flashing the low battery light yet.
Ultimately, I know damn well the lock isn't going to stop anyone with a large enough sledge hammer. Most of my locks have a video camera right above them, so I don't think too many people are going to bother picking the locks either.
@Mr Paul: Take a look at the Schlage locks. You might not like the deadbolt as the electronic part only engages/disengages an internal cam. So if the deadbolt is unlocked, it's not going to magically lock itself. BUT, I've yet to find a mechanical deadbolt which is reliable. The Kwikset one is complete crap and won't notify you if the strike doesn't engage, which is very easy with the tiny little motor they put in those. I'm a road warrior (on the road ~250 nights a year). When I'm halfway across the country, I don't want any doubt that a door is locked or not. I have deadbolts but use them as privacy locks when I'm home. I rely upon the Schlage handleset locks to take care of the usual business. Installed w/4" screws & reinforced strikeplates and door jambs, most people aren't going to know that the deadbolt's not locked when I'm away.
The big problem really is people thinking it's just one thing that makes security. It's not.
To be secure (and identified) a system should include:
1) something you have (key)
2) something you are (biometric)
3) something you know (password) and
4) redress after reasonable proof of failure (liability).
None are perfect, either by themselves or in combination, but relying upon only one or two is something best reserved for casual business, not anything important.
Building upon what @Jon said:
I've long had a saying, "If it can be made by man, it can be broken by man."
All security / encryption does is slow down the process of the eventual intrusion. Ideally it discourages intruders from bothering with your system(s).
I don't really see the problem here WRT security of a new electronic lock. Traditional locks can be bumped or kicked in (or door glass broken out, etc.). The role of a door lock in a home setting is more about keeping honest people honest and keeping opportunistic thieves out (e.g., kids in the neighborhood, delivery person that notices the house is unlocked). Outside of the inconveniences introduced by batteries, this offers some real advantages (e.g., one-time use key for a friend). I don't know that I'll use one, but it's not inherently inadequate to the task just because it's electronic.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.