There are many ways to lock a door. You could use a keypad, an RFID card, a fingerprint or retina scan, Wi-Fi, Bluetooth, the list goes on. You could even use a regular old metal key. But none of these may be as secure as [mircemk]’s Arduino-based door lock that employs a smartphone’s flashlight as a pass code.
At first blush, this seems horribly insecure. Use a plain old flashlight to open a door? Come on. But the key is in the software. In fact, between the typed-in pass code and the flash of light it generates, this lock kind of has two layers of security.
Here’s what’s going on: inside the accompanying smartphone application, there’s a list of passwords. Each of these passwords corresponds to a flash of light with a duration set in milliseconds. Enter the correct password to satisfy the Arduino, and the phone’s flashlight is activated for the appropriate number of milliseconds to unlock the door.
As you’ll see in the video below, simply flashing the light manually doesn’t unlock the door, and neither does entering one of the other, bogus passwords. Those passwords do activate the flashlight each time, but they don’t have the appropriate light-time length defined.
Hardware-wise, there is an Arduino Nano Every in charge of the LDR module that reads the flashlight input and the 12 V relay that unlocks the door. Be sure to check it out in the video after the break.
If you want to keep your critters from bringing wild critters back inside, check out this Wi-Fi cat door that lets you have a look at what might be dangling from their jaws before unlocking the door.
Video record someone opening their door with their cellphone flashlight and play it back? If the playback fails because scan frames don’t accurately replay the signal, how about using another way to analyze the signal (PCM?)
Does the phone require an app download from Play Store to work?
(Spyware right there)
I think this could be less secure than recording a physical key at 100 feet, at least it would be more difficult to get a decent photo of a key at night, while this way it is broadcast.
IOW, I am skeptical this is any more secure than putting the key under the doormat (sarcasm).
Rolling code derived from a shared seed of a pseudo random number generator.
I have reviewed your comment, and found it acceptable.
Yeah, this is how most of these solutions are usually implemented. Also, keep track of every code so they can not be reused again even if they’ve never been used, and generating a new code invalidates the previous one
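Added example, not part of the original comments or of [mircemk]’s project: a Python model of the lock-side check, contrasting the article’s fixed flash duration with the rolling code suggested in this thread, where each code is accepted once and accepting a newer code burns every older one. The class names, the 350 ms duration, the timing tolerance and the look-ahead window are assumptions; the rolling code is RFC 4226 HOTP, swapped in as one standard way to derive codes from a shared seed.

```python
import hashlib
import hmac
import struct

TOLERANCE_MS = 20   # assumed timing tolerance of the light sensor
LOOK_AHEAD = 8      # assumed number of future codes the lock will accept

class FixedFlashLock:
    """The scheme as the article describes it: one secret flash duration."""
    def __init__(self, unlock_ms):
        self.unlock_ms = unlock_ms

    def try_unlock(self, measured_ms):
        return abs(measured_ms - self.unlock_ms) <= TOLERANCE_MS

def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class RollingCodeLock:
    """Lock side: accepts each counter value at most once."""
    def __init__(self, secret):
        self.secret = secret
        self.next_counter = 0   # lowest counter value still acceptable

    def try_unlock(self, code):
        for c in range(self.next_counter, self.next_counter + LOOK_AHEAD):
            if hmac.compare_digest(hotp(self.secret, c), code):
                # Burn this code and every skipped one before it.
                self.next_counter = c + 1
                return True
        return False

def demo():
    secret = b"12345678901234567890"   # RFC 4226 test secret, demo only
    fixed, rolling = FixedFlashLock(350), RollingCodeLock(secret)
    recorded_flash = 352               # constructed: duration seen by an observer
    skipped, used = hotp(secret, 0), hotp(secret, 1)  # phone made two codes
    return {
        "fixed_replay": fixed.try_unlock(recorded_flash),   # replay still opens
        "rolling_first": rolling.try_unlock(used),
        "rolling_replay": rolling.try_unlock(used),         # same code again
        "rolling_skipped": rolling.try_unlock(skipped),     # older, never used
        "rolling_next": rolling.try_unlock(hotp(secret, 2)),
    }
```

The look-ahead window lets the phone generate a few codes that never reach the sensor without desynchronising the lock; how the digits are carried over the light channel is left open here.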
At that point, why not just use NFC?
Conceptually this is a fantastic idea, certainly in its initial/prototype phase, but once refined this is essentially unable to be compromised.
I also would not employ this for my front door, a key is fine. Probably more secure than a cheap gun ‘safe’ (filing cabinet with electronic lock), provided that the locking hardware is robust. As leaf points out this can be made so that the signal presented is unique per use, which would remove replay attacks from the equation
i’m not quite sure from the description, but it looks like the phone just turned on its light for some fixed number of milliseconds. there’s not even any data. if it really is just some few milliseconds, you’d need to capture frames at 1000/that number per second in order to measure the duration.
if you could modulate some onto the light at >1000Hz you’d have little chance of recording it with general purpose consumer hardware.
if you’re willing to put an accurate clock into the receiver, then you could do the equivalent of sending a code from an authenticator app, and it wouldn’t matter if it were recorded.
You don’t really need to capture “frames” you really just need to measure the light level with a simple sensor, which is probably a lot cheaper and easier to do at those rates than it would be if using a camera.
A digital voice recorder with a photodiode paired with an appropriate tone generator could be used to capture the flashlight pulses at 22,000 Hz sampling rate or more (with a nicer recorder).
Yep. A telescope, a photo transistor, and a one shot trigger on a Rigol Oscilloscope and you have the duration of flash. A better system would use a multiflash code system, with a rolling code authenticator. Still, kind of a cool lock system for a kid’s clubhouse!
I love when every genius idea incorporates something idiotic like a buzzer that screams through your phone for no good reason. And only when the passcode is successful? I like the idea. Hate your buzzer
With a bit of tube or some sort of curtains around the sensor it’ll be easy to avoid it being recorded from outside, plus some code to delay attempts after 3 wrong attempts in a row to avoid brute force, also several flashes in a row might be a bit more secure/reliable. I like this simple idea 💡 also smart watch or any other screen can be used to emit the signal
phone’s screen can also do this. like play a white/black video
A web page using JavaScript can do that and not require any apps
Except a Browser…
This is brilliantly done, and we need more folks like yourself thinking outside the box. Great work sir, hats off!
So you just direct your requester to a website and tell them to type in a passphrase, click open and it’s done. Slick.
No software to download, no way to compromise the lock, since nothing is exposed (making an assumption). So, indeed, if there is no Bluetooth, Wi-Fi, or other wireless capabilities enabled on the system, this is ironclad.
So the next step is to connect and power it via PoE, for monitoring/auditing and setting up code DB refreshes via a centralized management tool? 😁
When you get there, send me your store URL so I can buy a few 😀
If I could be presumptuous and offer advice, I would suggest to potentially incorporate single use codes into your algorithm, and also to explore pulsing. You could also use an app to send single use or time limited URLs to your requester to limit access to the web service…
This actually reminds me of the “KnockN’Lock” from like 15 years ago, which was also a pretty ingenious design. However, having to carry a proprietary key fob that had a keypad and mini hammer so you could use a PIN to essentially morse code the door open was a bit clunky and probably too far ahead of its time. Not only is the PIN truly limiting, but compromising the fob itself was a potential concern, or just losing the damn thing 🤣
I also imagine you could use sound instead of light here as an alternative method to look into, further negating the need for an exposed photocell. You could probably go above 20 kHz with the right sensor.
Great stuff man! Keep up the braining 😁
Rather than light, use of sound (speaker & mic) could provide a two-way half-duplex exchange similar to old-time cassette tape format like KCS (300 bps) or Apple II (1.3kbps). The lock side comms hardware can be as simple as a comparator and square wave generator (Apple II) or CD4046 PLL as a FSK modem (KCS). The phone side would use a soft modem library.
The use case: approach door, click app button, place phone close to door, phone initiates tones then door replies (several exchanges over a couple of seconds), then door opens.
You could also just use DTMF dial tones and a TOTP or HOTP to generate the number code to prevent replay attacks. Wouldn’t need an unusual app that way. In fact, if you had a home phone (even if it ran off a voip number), you could just call it to enter the code from your cell phone. It could do other things, too, like “press 1 to control lights, press 2 to check the status of lights/laundry/etc, press 3 to see if anyone’s home…”, whatever you can think of for a phone tree to do. It could easily only accept calls from authorized phone numbers, for a little added security though spoofing is possible. You could also put the dial pad from an old phone out by the door in case someone can’t do that, but remembers a backup number code.
A 6 pin key with 8 different possible cut depths has close to a million different combinations. I couldn’t find what resolution he’s pulsing the flashlight at but it sounds like rounded off to the nearest ms which would be easy to brute force. Did anyone catch what precision pulse length is being used?
On second look at the article and arduino code this is really just looking like an ad for a pcb manufacturer. The idea isn’t bad (though probably stolen) and maybe useful for airbnb or hotel type scenarios, if you can guarantee the app works on the wide range of smartphones guests are likely to have.
LDRs are rather slow with rise and fall times in the order of tens of ms. Good enough for a proof of concept, but not for real life. The transmitting end probably isn’t much better.
On the other hand, chances are that 6 pin lock can be opened in mere seconds with a wave rake or a bogota or a bump key or a lifting comb by any beginner, and not much slower via SPP by someone who actually knows what they are doing even in the unlikely case it has security pins.
Hi Steve, unfortunately with locks simple multiplication isn’t enough to determine the maximum number of unique keys. All key systems have a Maximum Adjacent Cut Specification, MACS. If a shallow cut is placed next to too deep of a cut, the key can’t be removed from the lock and you’ve got a serious problem on your hands. A 5 pin Schlage home lock with 10 cut depths has 100,000 potential combinations mathematically, but in the physical reality it has a MACS of 7. You can’t put a cut and you can’t put a 1 cut next to a 9 cut. It greatly reduces the number of unique combinations, likely by an order of magnitude or two, but locksmiths are not typically the sort to share information freely and it’s hard to pin down concrete numbers. That theoretical “100,000” unique combinations lock above has a fraction of that number of unique keys that physically work. I saw one source report under 17k unique key bittings. MACS is not trivial.
Once you start talking about 6 pin systems, the theoretical mathematical unique key bittings is even more inadvisable to hype up because it’s relying on simple multiplication, which has no actual bearing on how secure your plan is. A lot of US 6 pin locks are going to be master keyed and that’s going to have a massive impact on what bittings are allowed by the keying system’s MACS considerations; the wafer height has to be taken into account.
Before ignition interlocks were a thing, people used to accidentally “borrow” other people’s vehicles by mistake. I knew multiple people, in a town of 1,200, that had the same car key as someone else. Physical constraints put a real, physical, limit on how many unique key codes can be used. It stopped being such a problem once the auto makers started putting a resistor in the key and telling the ECU not to start the car if the key read the wrong resistance. (Yeah, cars had MFA back in the days where companies hadn’t figured out that 3 letter passwords shouldn’t be allowed and “SEX” was still the most common password.)
As people have said make this a HMAC based OTP and you’re in good shape. Like cars rolling codes.
It’s a neat idea as it stands. I’d love to see someone try and brute force it from a distance with a laser!
Yet another “secure device” using an unsecure smartphone, the universal bad tool for anything about privacy/security.
This actually looks like an infrared remote command without any kind of secure rolling code or something like that. In that case you may as well use a genuine old IR remote and use the digit keys as a code with any length you want, and using the Arduino to decode IR and do the treasure box opening job. Same security level, if not better, but still more a toy than something really secure.
You think your smartphone is less secure than your front door? Guess you have strong front doors…or no glass in your house.
ir remotes aren’t that time sensitive- they pulse basically morse code- this one sends out a specifically timed light that is harder to quantify without specialized equipment- maybe the same ball field but definitely different leagues
Is using visible light really such a good idea to transfer private key information? Why not use NFC? There are industry standard protocols for security. NFC will also work under bright sunlight and doesn’t require non-RoHS CdS LDR sensor and is much harder to brute force from a distance or to eavesdrop. NFC also works without a smartphone, uses a smartcard instead.
“This is the LockPickingLawyer…”
IR and a specially designed dedicated remote would be far superior
Use a magnet to manipulate the solenoid and bypass all the electronics and software. Very insecure
really good idea for the lock. the buzzer not so much. furthermore, why does it only go off when the passcode is successful?
So a TV remote with a power button?
You could also say that Bluetooth or WiFi are insecure since they’re broadcast in the clear, but the description here doesn’t mention key exchanges or encryption.
Neat idea. Funny to see all the defeat ideas. A normal burglar would not think of any of these clever countermeasures. Instead, a swift kick or crow bar would likely be tried.
Bruh. You reinvented the IrDA protocol.
First thought: “But this is unsafe! You’re broadcasting the key for every one to see! Why not use radio instead!?”
Second thought: “oh, radio also does the same.. but it’s only the nefarious who can see it.”
Nevermind!
Nu yeah, pretty cool. Will still need most of the same security as other mediums though, rolling keys and secure device and etc. Some bonus points for being obscure though I guess?
The medium you use is irrelevant, so long as the data is properly encrypted
What a terrible idea.
Phone dies after a long day out and you’re locked out.
Literally a physical key tucked in your phone case would be more convenient and secure.
This is all way too much work for the user… my idea: Camera plus AI facial recognition. If you look at your door, it unlocks. If you walk away or walk through the door, it locks 10sec later. If you stay on your porch, it stays unlocked, even if not looking at it.
My door has a fingerprint scanner, but touching it is too much work. Having to pull out a phone (or key, or fob) is way too much work, and fails if you lost your key/fob/phone is dead.
Touching your door is too much work? Is your brain mush? Lol
Cool stuff, but it’s already been done on a commercial scale
https://cyberlock.com/product-lines/flashlock/
build QR code sensor into the lock (https://www.adafruit.com/product/5744) and show a code on the phone screen.
Rain.