Front Door Keys Hidden In Plain Sight

If there’s one thing about managing a bunch of keys, whether they’re for RSA, SSH, or a car, it’s that large amounts of them can be a hassle. In fact, anything that makes life even a little bit simpler is a concept we often see projects built on top of, and keys are no different. This project, for example, eliminates the need to consciously carry a house key around by hiding it in a piece of jewelry.

This project sprang from [Maxime]’s previous project, which allowed the front door to be unlocked with a smartphone or tablet. This isn’t much better than carrying a key, since the valuable piece of electronics must be toted along in place of one. Instead, this build eschews the smartphone for a ring which can be worn and used to unlock the door with the wave of a hand. The ring contains an RFID tag which is read by an antenna that’s monitored by a Wemos D1 Mini. When it sees the ring, a set of servos unlocks the door.

The entire device is mounted on the front of the door about where a peephole would normally be, with the mechanical actuators on the inside. It seems just as secure as (if not more so than) carrying around a metal key, and we also appreciate the aesthetic of circuit boards shown off in this way, rather than hidden inside an enclosure. It’s an interesting build that reminds us of some other unique ways of unlocking a door.

27 thoughts on “Front Door Keys Hidden In Plain Sight”

  1. Vandal steals “artwork” and you arrive back home with no way to get inside without B&E tools.

    Couldn’t the sensor be on the inside of the door behind a thin layer of wood (along with all the nobody-needs-to-see-this electronics) rather than on the outside inviting all sorts of nefarious curiosity? And if that’s already been done, how about mentioning that in the article along with a photo?

    1. Well, the lock actuator is another IoT device that this triggers via wifi, so it’s not the only way to get in.

      There are much bigger problems with this: first, the RFID ring is completely unencrypted and will give up its ID to any reader that asks. You can stand next to him with something like a Flipper Zero in your pocket and grab the code trivially. (Solved by using NFC and correctly storing the secret in a locked block rather than just checking the UID).

      Second, you can take the esp8266 and read his wifi credentials and other secrets directly out of it. It’s not designed to protect those details. (Solved by putting all of this on the *inside* of the door!)

      Remember, the S in IoT stands for “security”!

      1. Thank you very much for your feedback! I am the author of this project and would like to address some of the points you mention.

        The reader does not read the ID of the ring, but instead a specific word of its memory.
        With EM4305 RFID chips, those words can be password protected.

        Having someone extracting the WiFi credentials from the ESP8266 would indeed be quite bad. However, the lock expects an MQTT message with the correct payload to unlock the door. Here, a rolling code could be implemented as a countermeasure.

        1. Those tags are still not very secure; it’s simply not physically possible to do everything needed in a 125kHz tag. Strong encryption can’t be used, so anyone with the right sort of antenna can sniff the full transaction out of the air from a distance when you unlock your door. Not that anyone is likely to mount such an attack on you, but it is still not very difficult.

          But you can also read that and everything else out of the 8266 anyway, not just the wifi. There is no technological way to secure this successfully while physical access to the hardware is wide open.

  2. Hmmm, disguise the key as something valuable that somebody might want to steal, but would not think of using it as a key.

    I also hope the hardware isn’t exposed to a potential attacker for the final version.

    Nice hack all the same.

    1. Well, I can imagine opening a door with a life-sized marble statue, but cannot see why I would do it. Maybe to cause neighbors to question the side effects of some of their medications :D

  3. “It’s just as secure! The motor is on the inside! Controlled by all these exposed wires and easily-accessible electronics”
    Lmao send this to the lockpicking lawyer already. If it uses RFID just put the whole thing on the other side of the door. Guess it depends on whether it’s a metal door

  4. Why not just use WPA2 protected WIFI and host a 1kb website with an open close button? A Pi 0W could do this. Kudos if you put a username and password on the local website for controlling the door. At least WPA2 is secure with random 26 char pwds. By the time I am in front of my door I’m usually logged into the wifi.

    >but what if the power goes down or you lose your phone
    *shrugs*

  5. My wireless lock is much simpler… 1 esp8266, 1 servo, 2x 3d printed parts and controlled using WiFi, power … And everything is inside the door…

    The only problem is that sometimes my phone takes a while to connect to WiFi when I get home… Bluetooth would probably be better.

  6. Move the NFC fob to a keyfob, and implement physical 2FA: First you must use the NFC fob (reader remote from the keyhole) to unlatch the lock mechanism, then the physical key to unlock the door. Keep the reader nearby but separate so the keys can be swung innocuously past it to obscure the scan from remote observation. Without scanning the fob first, even an adversary with possession of the keys will find that none of them successfully open the lock.

    1. Of course hackers already have had their hands on those and already have turnkey solutions for hacking your turnkey solution and gaining access to all of those users’ houses.

      So, security by obscurity is the great plus of diy systems.

      The great minus is that you have to implement a level of security that’s equal or even higher than those turnkey solutions, which means that you have to spend a lot of time on R&D and pentesting. And that time will never pay back for itself.

      …unless you evolve your project into the next turnkey solution and start selling it for a profit. But then hackers will get their hands on it and build turnkey solutions to hack your lock. And everything went full-circle. :)

      Ok, or unless you are one of the greatest security guys out there and know how to implement something fully unhackable from scratch in one iteration. That would surely limit your R&D and pentesting efforts to the bare minimum. But I’m not sure if those kinds of people exist.

  7. Wait, you like the esthetic of fragile, vulnerable circuitry presented at fist level on an exterior front door? Did you chain a ball-peen hammer below the “KEEP DRY” sign too?

  8. I like the project and like the thought of putting a key in something you wear all the time anyway. A lot of people seem really hung up on the (?lack?) of security and seem to forget that physical door locks are a joke anyway to any thief. A well placed boot to the door itself will open it pronto or a rock/brick/hammer to any window will allow immediate access as well. No scumbag burglar is going to be sniffing RFIDs like some kind of Hollywood heist movie.

  9. When did hackaday become worried about practicality? The cure all is to just step into the void and be done with it. See ya!
    Seriously, I’ve been wanting a kill switch for my 80s car and wonder if RFID could be used
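
The rolling-code countermeasure raised in the comments for the lock’s MQTT unlock payload, sketched as an added example that is not part of the original post, its comments, or the project’s code. It assumes a key shared between reader and lock, an HMAC-SHA256 tag truncated to 16 bytes and a look-ahead window of 8; all names are hypothetical. It rejects a replayed payload, but gives no protection once the key itself has been read out of the exposed reader.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag length in bytes (assumption)
WINDOW = 8    # skipped counters the lock tolerates, e.g. lost messages (assumption)


def make_unlock_payload(key: bytes, counter: int) -> bytes:
    """Reader side: 8-byte big-endian counter followed by a truncated HMAC tag."""
    ctr = struct.pack(">Q", counter)
    tag = hmac.new(key, b"unlock" + ctr, hashlib.sha256).digest()[:TAG_LEN]
    return ctr + tag


class LockVerifier:
    """Lock side: accepts each counter at most once, within a look-ahead window."""

    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        self.last_counter = last_counter  # must be persisted across reboots

    def verify(self, payload: bytes) -> bool:
        if len(payload) != 8 + TAG_LEN:
            return False
        (counter,) = struct.unpack(">Q", payload[:8])
        expected = make_unlock_payload(self.key, counter)
        # Authenticate first, in constant time, before trusting the counter.
        if not hmac.compare_digest(payload, expected):
            return False
        # Reject replays (counter not newer) and implausibly large jumps.
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False
        self.last_counter = counter
        return True


def demo() -> list:
    key = bytes(range(32))  # constructed sample key, not a real secret
    lock = LockVerifier(key)
    first = make_unlock_payload(key, 1)
    results = [lock.verify(first)]                              # fresh code
    results.append(lock.verify(first))                          # replayed capture
    results.append(lock.verify(make_unlock_payload(key, 3)))    # one message lost
    results.append(lock.verify(first[:8] + bytes(TAG_LEN)))     # forged tag
    results.append(lock.verify(make_unlock_payload(key, 100)))  # outside window
    return results
```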
