Smart tech is the smart choice so long as it’s well-engineered

A few weeks ago, we learned about Amazon’s ambitious plans for Amazon Key. Amazon Key is a solution that allows Amazon delivery people to leave packages inside the home rather than outside the door. They do this by converting traditional door locks to smartlocks, which can be accessed by Amazon when needed. A camera is included to monitor the drop offs. I expect that Amazon has done their market research; They know that some consumers will prefer the risk of giving Amazon access to their home over the risk that packages could go missing. Additionally, the service avoids the inconvenience of having to wait at home for deliveries  This is the same tradeoff between operational efficiency and security that Sera4 solves for industrial infrastructure.

Smartlock security was put to the test at last year’s DEFCON conference, where hackers try to break security. Twelve out of sixteen tested smartlocks were hacked within 15 minutes using simple digital equipment. I had hoped that this would send a message to our industry to take security more seriously. Unfortunately, Amazon’s newly-released smartlock system has already been hacked. Although the current vulnerabilities don’t show how to unlock someone’s house without authorization, the security holes destroy trust in the video surveillance that is a core component of the Amazon Key system. I don’t feel confident to put this on my front door. I doubt anyone wants a lock on their house that let hackers walk in, no matter how “smart” the feature list appears.

Designing secure smartlocks is not easy. It requires both physical security and logical security. People have been designing for physical security for centuries. We’ve largely figured out how to do that. Designing for secure wireless control is a new area, where many designers are still just learning. It’s not surprising that they overlook things.  Security is Sera4’s specialty. Since we don’t aim to get our products in residential front doors, I hope that someone else brings secure residential smartlocks to market soon. If not, adoption is going to be very slow, or we’re going to have a lot of unexpected burglaries in the near future.

The Eternal Struggle: Security versus Efficiency

It is a struggle we all know well, we need to decide whether we want to be efficient or secure. Of course in an ideal world it won’t be choice between the two, however it often is. Even something as simple as working with a contractor when you aren’t available can be difficult.

There are a few options, none of which are ideal;

  • You make sure someone is always around or available – secure but time consuming and inconvenient
  • You make a key copy to give to them – efficient, less secure, and then you still need to keep track of that extra key. In many cases you can’t make copies of security keys.
  • You leave your key somewhere – efficient but not safe as anyone could find it, and then you need to worry about how to get it back so you can access the site.

This is also if there is only one level of security, looking at more secure sites with multiple layers you get further inefficiencies. People lose their keys and access cards, and forgo security measures all the time. Reissuing key cards is time consuming and having to rekey multiple sites is expensive. On top of that when something takes 30 seconds without security but takes 10 minutes with security measures, you can guess what a lazy or malicious employee will eventually do.

There is also the added issue that unless someone is always around you have no idea who is coming and going. You also have no idea if they secure the site, when they leave, or how long they stayed. As a result you are losing time and money no matter what option you choose. If you make it too easy to access people can hack into the system and remotely open locks. When none of the options are great it can be difficult to justify spending a lot to receive so little peace of mind in return.

At Sera4 our goal is to eliminate this struggle through modern technology, and to do it for remote infrastructures that face harsh or unique environments. Every time the lock is opened or closed it is recorded in an audit log so you can keep track of exactly who has been where and for how long. Users can reset their own passwords if they forget, the app is password-protected in case your phone gets lost or stolen, and you can only see and open locks if you are near the locks. We provide a platform that works with whatever phone you already have, and doesn’t allow remote access. We believe that anyone opening a lock should be physically present at the lock, just like with a traditional key. Our architecture choice to only open locks on short-range wireless connections radically reduces the risk of a hacking threat without affecting the practical use of a Teleporte system.

Your Wi-Fi Security is Obsolete!

Today, the world came to know that Wi-Fi has a catastrophic vulnerability in its negotiation of security keys.

Unlike the cracking of WEP (over 15 years ago) – this represents a huge concern for individual and corporate “privacy” as:

  • the reliance of Wi-Fi for data transport has become the default standard rather than the exception,
  • without software updates, there is no “alternate” way to configure your network to protect yourself (short of turning it off)

Fortunately, the report of the WPA2 security hole came many months ago – allowing vendors to implement fixes to their products.

Unfortunately, it will take many years to proliferate those fixes to everyone and every device.  I shudder to think how many products will be abandoned as “obsolete” by their manufacturers, meanwhile millions of users will go unprotected.

This Public Service Announcement hopefully highlights your immediate need to seek firmware upgrades for all your Wi-Fi devices (phones, laptops, routers)!

All our customers can rest assured that Sera4 products are not subject to this type of attack. Our current technologies and strict security protocols – prevent “man-in-the-middle” attacks – and we’re staying on top of all security threats to maintain our leadership in high-tech security.

Will Your Employees’ Mobile Devices Work With New Smart Locks?

Will your employees’ phones all work with the new Smart Locks you want to buy?

Designing and supporting a wireless application for the many variants of Android is challenging.  Add to this, a plethora of device manufacturers who use a variety of wireless stacks, and you get:          an interoperability nightmare

Just ask Kevo, they support only specific devices from 5 Android device manufacturers.

In today’s day and age, we are subject to traditional hardware makers trying to “tack on” technology (and worse yet — digital security) to their products.

Have you seen the Whirlpool washing machine with Wi-Fi?

Consider that the leaders of tomorrow are the technology companies that live/breathe/understand a complex, mobile, Internet.

Netflix is the tech pioneer changing the landscape of media content production and distribution.

Tesla is the genius changing the landscape of many industries.

Uber — need I say more?

Sera4 is a tech company focusing on the integration of secure high technology into the physical security packages you already use and trust. Turning your traditional padlock, electric strike, or maglock into “Smart Locks” is what we do.  Our application already interoperates with over 300 different mobile device / operating system pairings. We are pairing our technology expertise with the best in physical security — not just to add a cool feature – but to evolve the market.

Being a Co-op at Sera4 – August 2017

As a 2nd year engineering student from the University of Waterloo, there is a lot to be offered when working at a start up like Sera4 as a co-op. To start, specializing in hardware and firmware development allows me to be directly involved in all aspects of the product. With limited industry experience, working alongside tech gurus has been the hallmark of my experience. There is never a dull moment, as the small company size allows us to understand and appreciate everyone in the office. This means that I have exposure to all aspects of running a business. I am invited to participate in business decisions, product specifications, and various other decision-making tasks not normally exposed to co-ops.

On the technical side, my direct involvement in the next-generation MX controller from the start has been an eye opener to the complexity of control systems and it has taught me the essentials of designing circuit boards. Working with a Senior Systems Engineer, “Captain Hardware,” I have had exposure to industry standards, and best practices that a university degree simply can not provide. What makes this experience truly aspiring is that I am not treated as an co-op, rather an engineering employee. My opinion is not optional, but required, a quality that sets aside this co-op position apart from all others.

Worth around $113 billion as of 2015 [1], the security IoT market has become essential to the success of the IoT industry. With a projected $36.95 billion growth by 2021 [2], this industry offers an array of diverse and challenging career opportunities. Sera4 is striving to capture a portion of this market, and is quickly becoming a company on larger cooperation’s radars. Being an engineering co-op at Sera4, I have the opportunity to be part of a dynamic and highly motivated team that drives innovation in access control technology.

With continuous technological advances, consumers and enterprises have increase operation costs with more expensive assets bought each day. This means that there is a need for consumers and enterprises to feel insured and secure about their assets. Having access control to monitor what goes in and out does just that. Creating smarter, more efficient, and innovative solutions to solve the growing problems is exactly the industry to be in.

Written by: Raj Mody

Why Businesses Need to Retire the Master Key

At Sera4, we make physical assets easily accessible to people who need to get to them, while keeping them safeguarded from others. Many of the companies we help are working to solve a problem with theft and vandalism. I was surprised when I learned that in almost all cases, the majority of theft was from people who were entrusted with a key.

The companies we work with want to protect sensitive points in a network or service. To do this, they build physical walls around these sensitive points and put locks on the doors. Access is given out to the people who help maintain, facilitate, and run these points. This could be a large employee base, or a contractor force.

From here, companies have faced a choice. They can either choose to maintain their security by limiting the number of keys that are distributed, which becomes inefficient in having to pass physical keys, or they make multiple copies of a key.  Most companies opt for speed and efficiency over maximum security. They elect to trust the employees and contractors who have signed contracts, and issue them all keys. In extreme cases, all the locks are keyed to the same cylinder or all combination locks are set to the same sequence.  Thus, the Master Key. While it is a simple and easy solution for access control, the employees and contractors are now aware that their colleagues also have the same keys they do.

A desperate contractor or employee finds courage behind the curtain by anonymity. They reason that they can steal with low risk because they know that when the company discovers a problem, they will hide in a sea of others who are all holding the key that opened the door. And usually, they are right. Add to this that putting something behind lock & key adds to perceived value, and maybe there is more theft with the locks on than with no locks at all.

With smartphone-based access control, anonymity is removed. Anyone who opens a lock is reliably identified by their phone.  This removal of anonymity has been proven to dramatically reduce the occurrence of theft. Since the black market value of the things that are stolen is just pennies on the dollar, I think there is an opportunity here for everyone involved to come out ahead.