Tested and used by the National Parks Department. This food container is made of high impact ABS plastic with stainless steel latches. The container is entirely flush and cannot be opened unless the bear has a coin or screwdriver. 603 Cubic Inches
@schneier > 1- The lock broadcasts its Bluetooth MAC address in the clear, and you can calculate the unlock key from it.
I read it a few days ago, and from what I remember the key *was* the MAC address; it was not calculated from it. I'll check... Anyway, I think government should punish this deceptive behaviour, and more generally the IoT things that self-brick after a year to force you to buy the new one.
The 'invincible' quote is, according to the linked article, from a different manufacturer. However the Tapplock assurance that the back shouldn't unscrew because there should be a pin preventing that is not very reassuring.
I was wrong, the key is "derived" from the MAC address, but in an insecure, nonsense way.
Anyway, for your consideration, standard low-cost locks are insecure too. I have opened one by inserting a paper clip and moving it randomly (again randomly, not with some logic or knowledge). Also, you can insert thin metal foil (like a Coca-Cola can) between the fixed metal part and the cylindrical one that rotates if you insert a key. Then it is super easy to open them.
Who ever _doesn't_ have a screwdriver? I currently have six in my pockets (two of which are on a TSA approved tool). I also keep a bobby pin and a paper clip in my wallet, which are sufficient for opening most filing cabinet and interior door locks.
So we are teaching bears to be tool users now? From what I've heard, bears *will* get into the bear bags I learned to hang (between two trees) as a boy scout, I'd wonder what will happen if we teach bears to use screwdrivers and mug hikers for change.
"Bears mugging hikers" isn't necessarily a joke. Once upon a time hikers were told to throw bears their packs/food if confronted by a bear. These bears quickly learned that "hikers==food" and would confront/antagonize humans on sight, and hunt people if they found a trail. The bears were quickly killed/relocated and a long and protracted human reeducation campaign had to take place.
@Gaspy Yes, not a good idea in general. I have read about someone using an internet-connected car (Tesla maybe?). He stopped in the middle of nowhere to take a photo of the sunset and then he could not turn on the car anymore, since he used the cell phone to turn on the car, but at that point there was no signal. He now always uses keys.
It's a lot more interesting to me, how you don't even have to test or develop solutions anymore. All you have to do is wait for someone else to point out a failed design then pile on to make it sound like you're such an excellent researcher yourself.
Yet more proof that marketing is not the department that should run "product development"...
There is a statistic that indicates that on average 98% of marketing is a complete failure to the point of being a waste of money, a very big waste of money as it is the world's largest industry.
This product is clearly a product of marketing ideas... I'm guessing there was a marketing "Wish List" that was subbed out to "China Knock Off" manufacturing houses, the price they quoted was too high thus things got stripped out of the spec to reduce price. The marketers then got screwed over by the knock off house that increased their profits by production line cost cutting of leaving steps out. Further I'd bet a pint that the marketers never "walked the line" during production and further had no Goods Inward Test when the units were delivered...
Did I mention "security"? Err no, but then neither did the Marketers except on packaging and advertising...
In a way this is just a more obvious version of what is happening with IoT...
"Buyer beware" is now way more important than ever...
You can see earlier comments I made on this joke of a product over on the Friday Squid,
It turns out that the National Parks Service actually keeps a bunch of bears at hand to assess purportedly bear-proof containers. If the container keeps the bears away from its content (enticing goodies that the bears would like to have, like rotting fish heads etc.) for an hour it is deemed “bear-resistant”. I don't think they have the temerity to actually label anything “bear-proof”.
Then there is the observation that the design of “bear-proof” garbage cans for use in national parks and other bear-infested areas is made difficult by the fact that the smartest bears are way more clever than the dumbest tourists.
Hi Bruce, just a related anecdote here: at work we have those door locks that work with a proximity fob, RFID I think, to unlock the door. The battery is in the door lock, on the INSIDE. Change of occupant in that office, a couple weeks no entry, and the new guy wants to enter. Wait for it..... battery is dead. It took close to three hours for our IT team to get into that office. No they did not kick in the door. Cheers, oliver
Why should smart locks exist? Key management. The cost of key management in a business will keep driving the creation of better and better smart locks.
As is common with technological developments they will get transferred down the economic stack. The problem here, and this is already a problem with non-smart door locks, is that this market has no transparency or regulation. For it to self-regulate it needs transparency. Since the actors seem to be fighting transparency maybe we need NIST standards for locks. A minimum of two security pins are required for instance.
It reminds me of when I downloaded some bogus shareware back in the early 90's.
The documentation claimed it was freeware, but it wasn't. The fresh download asked for a code in order to use it. They didn't provide the code anywhere logical and the net provided a lot of false positives. On a whim, not knowing which letters or number to use, I typed in a series of all zeros...
... and it unlocked. hahaha
That was the type of thing that started getting me interested in digital security theory... all this password hype on the internet (much of it hot air). That, and locksmiths.
Another funny story...
I locked myself out of my own bedroom while my entire family was out of town. So I called a locksmith. When the locksmith showed up, he was only a little kid! But he did promptly unlock my door and charged me a common fee. After he left I was testing the door, this time with my key handy. I leaned on the locked door, and my own body weight popped open the door without even damaging any of the frame.
I felt so silly for having spent money on a locksmith when all I needed to do was to lean on the door.
happy days. Peace is attainable. May Peacefulness Prevail Within All Realms Of Existence
We are all waiting for the day, long overdue, when business collectively realize that marketing doesn't work.
No...sorry...I'll try that again.
We are all waiting for the day when business collectively realize that it is unsustainable to spend money on things that don't work.
Aaargh! Never mind. One more shot, mmkay?
We are all waiting for the day when the victims of propaganda (including, but not limited to, marketing) collectively decide that they're not going to fall for it any more -- any of it, of any kind, from any source, because falling for it is, in practice, like hanging a sign round one's neck saying STUPID, and, in principle, the spiritual equivalent of suicide.
Oh Hell, I give up, I can't work it out. You have a go.
Smart locks make sense in certain cases, but not this type of lock. Several companies make locks that open with USB type keys. These are valuable when keycards are too expensive to cable and install.
The key collects a log of when used with which lock. In the Electric Sector, we are required to collect and maintain these logs (CIP-006-6 R1.8-1.9, CIP-003-6 R2) to identify who entered. This is often implemented using a guard issuing and logging who has the key and plugging the key back into the key management box when done. No wifi and no remote unlocking. Doesn’t give real time alarming, but good for lower risk remote equipment.
"...We are all waiting for the day when the victims of propaganda (including, but not limited to, marketing) collectively decide that they're not going to fall for it any more -- any of it, of any kind, from any source, because falling for it is, in practice, like hanging a sign round one's neck saying STUPID, and, in principle, the spiritual equivalent of suicide..."
Suspect IQ aside, I get the feeling most people do not think, they just act effectively on whim when it comes to marketing...
Any introductory guide to setting up your own business and management of it, usually makes the valid points of,
1, You need customers to buy your goods/services.
2, Customers can only buy your goods/services if they know of both them and your business.
Hence we get the sound bite of "It pays to advertise".
So far so good and not very controversial. What happens next is almost the same as that which happens with defence spending. It all starts with the question of "How much spending is sufficient?"
With national defence you know you have to have some degree of defence spending otherwise at some point you will be attacked. Thus you try to work out how much spending is needed. Often you hear this quoted as a percentage of GDP... But that only gives a guide to what level of spending you can afford, not what is effective, and almost certainly not what influences a potential attacker.
The real answer is you only know you have spent too little on defence in the past when you are attacked, or in the case of a business you run out of money. Conversely you never know when you have spent too much, or spent it ineffectively.
Which means you have a market place where it's not possible to determine optimal spending thus you get people taking advantage by FUD...
The only way you can avoid being taken in by such FUD is to clearly know the market you work in. The reality is though with the best will in the world any given market will be opaque and rife with "hidden knowledge" and the uncertainty that causes.
Thus people stop thinking and in effect abrogate their responsibilities, which opens the door to any and all who can "talk the talk".
In essence all any marketer can tell you is "What has been known to fail in the past", not even why. They can not tell you what will work beyond the two basic points above because nobody knows that... Thus you have to sanity check what you are told, and that requires both knowledge and the ability to analyse it which is a very hard task. Which is often why the "why bother behaviour" sets in and managers go into "auto-pilot mode" and just set a budget and spend it. Worse they also often get attached to an idea that is not working thus double down on what did not work the last time...
Just about any time someone tries to run trials on IQ Tests they find that there is "hidden bias" in the IQ Test that more often than not reflects the views on intelligence of the test designer. Around a quarter of a century ago I had a chat with someone involved with doing research into IQ Tests and asked them what the formal definition of intelligence was against which they drew up their testing specifications... Coherent answer there came not, when I pointed out that logically that meant that the test of the IQ Test was as equally flawed as the IQ Test, I got one of those looks that says "don't break my rice bowl". Since then I've given both IQ Tests and those that devise research tests on them a fairly wide berth...
I once broke into a car which was parked behind me, boxing me in. When I got tired of waiting, I noticed that the side triangle window had a little screw on the outside (circa 1980 car). So I undid it, opened the door and moved the car a little bit, then left all the bits and pieces on the seat.
The bottom line is that in most cases one can break/circumvent a lock with a simple tool such as a screwdriver, hammer or bolt cutter.
Found a CNET review of the TappLock. Some "review"! (mutter mutter). But it was entertaining. [www.cnet.com]
Reviewed: 29 MAR 2018 "With two methods of entry in addition to Bluetooth, I'd recommend Tapplock as a flexible way to secure and monitor valuables without a combination code or key."
We need more "flexible". Cheers all 'round.
"So if you thought you'd always have to remember to turn your lock three times to the right, once to the left and back to the right again, those days are over."
Oh praise &Deity! The torture of "remembering" is finally done away with.
"Now you just need a fingerprint."
Or a screwdriver. Or a software hack. But cnet didn't know any of this up to 31 March because its review was ... um... simply comment based solely on marketing screed, not any tests done on an actual device.
Just three days after the review...
Editor's note on 1 JUN 2018: "It's come to our attention that the Tapplock One [...] allows an attacker to twist off the back plate and use a standard screwdriver to quickly disassemble the lock. We've(sic) haven't independently confirmed this yet, and are currently investigating. We'll let you know what we find out."
TWO WEEKS after that...
Update on 15 JUN 2018: "[...] Tapplock is reportedly working on these [many] issues, but until they are fully resolved, we can't recommend the Tapplock One."
Did cnet ever "independently confirm" that "twist[ing] off the backplate" can be done? (crickets)
The next massive DDoS attack waiting to happen from all of these "smart devices". I think there should be an independent body that gives guidelines to manufacturers about how to secure these devices, but I think it's too late -- only government involvement can bring drastic changes.
You are "buying into the frame". Your analysis of how marketing gets started is purely supply-side. It implicitly assumes that there is no demand, until demand has been somehow ginned up from a vacuum, and that marketing is what does that. "If you build it, they will come" -- provided you have a strong enough hook to drag them in with. All of which is nonsense. If customers need your product, they will find you. If they don't, then worse luck you. The fact that your survival appears to depend upon creating demand ex nihilo does not make that a legitimate or acceptable thing to do.
@ John Smith:
Realizing that one is being manipulated does not depend upon exceptional intelligence, especially of the very narrow kinds that can be (albeit speciously) quantified. Realizing that one has been manipulated and then saying "never again" depends upon something that is usually not subsumed under the definition of the word "intelligence" to begin with.
"I don't think they have the temerity to actually label anything “bear-proof”."
My late wife once received a catalog that dealt with supplies for pet dogs and cats. It went into detail of their new "Indestructible Ball" to let Fido play with. The next edition of the catalog went into details of how the "Indestructible Ball" became the "Virtually Indestructible Ball" after someone gave it to their pet lion as a toy.
Is that a marketing failure or testing failure to not have a lion at hand for the testing?