The case against Remote Unlock

Every now and again we are asked the question “can we remotely unlock things with Teleporte?”  We understand where the question comes from. Most IoT devices are focused on remote sensing or control from a distance. Smart devices allow you to do things like set your home’s temperature from the other side of the world. It’s easy to assume that smart locks should behave in a similar way.

We often get asked to include this feature but we have purposefully built Teleporte so that a person is required in the physical presence of the device. We wanted to render unlocking something remotely from a command center impossible. And it is important for you, our customers to understand why.

Practical Risks

First, we do allow you to remotely enable a user, so there is no argument for someone new or unexpected needing access. In what situation then would you want to release a lock without an individual there? We can’t think of a practical scenario. Having someone on-site means that when the lock is opened the asset is being watched the whole time. Someone can close a gate behind them, reducing the time an asset is not secured. And most importantly, a person on-site can lock up again. Many locks are designed to fall or pop open when unlocked, and without someone there to close them, a remote unlock function would not guarantee a corresponding and critical lock function. 

Second, you don’t just want anyone on site when access is granted: you want to know who is getting in. With a remote unlock, there is little guarantee that the person going into a site is the one who is supposed to be. Smartphones are actually very sophisticated to identify a user with passwords and biometrics and their location with GPS. A local virtual key is much more reliable than a remote unlock process.

Cybersecurity

Finally, we want to mitigate the risks of hacking and cybercrime. In 2019, artificial intelligence designed and carried out more cyberattacks than people did. The attacks are getting more sophisticated. At Sera4, we use the best cybersecurity practices, but no one can predict everything.  If there is a logical path to remotely unlock something, there is a risk that it will happen; be it a sophisticated hacking attack or something as innocent as an error in an API integration. Imagine the catastrophe if the locks on a critical infrastructure network were all remotely opened at the same time. We designed Teleporte to ensure that this is impossible. 

We appreciate the excitement around technical feasibility and fancy features such as remote unlock, but every feature comes at a cost. Our goal is to the safety and security of our systems first, ensuring less risk and more reliability to you.

Sera4 appoints Precision Marketing as US Sales Engineers

Sera4 is pleased to announce that Precision Marketing Inc. is now the exclusive frontline Technical Sales Representative firm for the Sera4 keyless access control product line for the Telecom, Utility, Transportation and Military/Aerospace markets for the following U.S. states: AL, AR, CT, DC, DE, FL, GA, IA, IL, IN, KS, KY, LA, MA, MD, ME, MI, MN, MS, NC, ND, NE, NH, NJ, NY, OH, OK, PA, RI, SC, SD, TN, TX, VA, VT, WI, WV.

Now in it’s 46th year of operation, servicing 37 US states, and a team comprised of 16 field solutions engineers and 7 inside support staff, PMI has established itself as a technical representation leader in markets such as Telecom, Utility, Transportation and Military/Aerospace. 

The partnership with PMI is effective immediately and it is a clear demonstration of Sera4’s commitment to serve the keyless digital access control market in the United States.

Go Keyless

It may not be apparent at first glance: going keyless is about a lot more than just not having to carry around a key or a fob. It’s about added security, new concepts of control, smarter operations and reporting. 

When we say “go keyless”, we mean abandoning any physical thing that controls access rights. That means no keys, no access cards, and no fobs. The keys are virtual; digital tokens stored in smartphones and automatically transmitted over the air.

Control

Virtual keys afford greater control over who has access to your assets. Keys can be granted to or revoked from people who aren’t physically present. Virtual keys can do things that ordinary keys can’t, like only permit access within a time window or limit the number of times they can be used. And with virtual keys, they can be automatically given many people in a service team and to many sites at once. These things would be impossible or very cumbersome with traditional keys.

Security

Despite first impressions and consistent news about poorly-executed smartlock designs, virtual keys can be more secure than physical keys. Imagine how we all do internet banking today. At Sera4, we use the same security principles and architectures to keep the same levels of reliability, security and scale. Where physical keys can be mechanically cloned, it is much harder to hack a digital certificate. Physical keys can be passed from person to person, or misplaced and picked up by strangers. Even more relevant is that virtual keys identify the user, which provides a lot of practical security. Many fewer people will brazenly steal from a site when they know they are being identified in real time.

Information

When business sites go keyless, they get automatic real time access logs. This can greatly reduce the cost of security protocols or even compliance with standards like ISO 9001. The data that comes back is already digital, more accurate and more detailed than traditional paper logs. Businesses should be analyzing this data routinely to identify waste in their processes and optimize their operations. Profiling site accesses can yield valuable insight about where contractors are not doing their jobs. Imagine a contractor that has billed to do a job that will take at least 2 hours, but the access logs show them on site for only 3 minutes.

Convenience

Most people will not forget their phone at home. Their car pairs with it and it’s clear when it’s missing. So many life functions depend on it. A physical key or card can be left at home without a thought until the moment it’s needed. So much truck roll is saved by not having to drive to get keys, either ones forgotten or fetching them from a depot. Virtual keys are with you whenever you need them!

And, of course, going keyless is also about the convenience. I used to go out with a wallet, a phone and a keyring. Then the wallet was absorbed into the phone with services like Apple Pay. Now, the keyring is also absorbed, and my pockets thank me. What I like best is when I need to get into a lock that wouldn’t have been on my physical keyring. Contact us to learn more about how friendly the future can be.

BIAS against Bluetooth

Another vulnerability of the Bluetooth security stack has been revealed this week: Bluetooth Impersonation AttackS (BIAS).

Unfortunately, this highlights another concern with the Bluetooth stack and is, in-part, due to the wide range of devices and configurations that Bluetooth has to support. The suggested remedy is for “the Bluetooth SIG [to update] the Bluetooth Core Specification”. (Source: bluetooth.com)

All this implies it will be up to chipset vendors to find and work around the problem in the interim.

Credit: The Hacker News tells us more …

The biggest risk is likely to be against mobile devices (mobile phones and laptops). Previously-paired devices can no longer be trusted. i.e. you could be communicating with a bad actor (impersonator).

As a word of caution: other Bluetooth-enabled smart locks and mobile software solutions may incorporate this same flaw. This would allow you to pass the digital keys to the wrong device: A “man-in-the-middle” attack.

Rest assured: Teleporte relies on digitally signed certificates to ensure that communications are encrypted. Only true Sera4 locks or lock controllers have the decryption key. All this happens without using the Bluetooth security stack — so access to your Teleporte locks remains secure and unaffected by BIAS.

A peek inside the Teleporte Cloud from Rancher

Here is a link to a blog from our friends at Rancher. It provides a sneak peek inside how we do cloud. Our own Jeff Klink discusses the advantages of the current Teleporte Cloud architecture. Read it and see how we deliver the security, reliability and scalability that Teleporte is known for.

Rancher is a container orchestration software company. We use their services to help us manage the Teleporte network.

Failsafe Unlock Explained

The Teleporte keyless access control system uses digital certificates as keys and controlled through a mobile phone application.  We have proven this method to be secure, scalable and reliable. Teleporte works on practically all Android and iOS devices (over 700 models in use and counting), so we ensure great user adoption. Users access the vast majority of our locks in this way.

With the recent launch of Teleporte server 3.4, we introduced the Failsafe Unlock feature. With this, you can still get into your locks in the event your smartphone isn’t working; whether the phone’s battery is dead at the end of a long working day or somehow your phone is damaged and no longer functions. The Failsafe Unlock feature provides you with a 4-digit flash pattern that you replicate by holding the button on the lock or with our Access Pad. Entering the valid code will grant access to the lock.

How Failsafe Unlock works as a user.

Failsafe Unlock is even easier to use from the administrator’s side. The administrator will tell the user the code and record who they gave it to in the admin panel. This way, Teleporte system maintains the access logs. The code is unique to each lock and is only valid for a few hours. Failsafe Unlock is now available to all Teleporte Enterprise subscribers.

With this innovation, we are enabling the transition to digital access control by eliminating the last of the reservations for going keyless. For more information, contact us or click here for more product information.

Deploying Teleporte during the pandemic

The COVID-19 pandemic is the biggest adjustment in business operations in a generation. Authorities worldwide are asking everyone to stay home or to maintain a social distance from others if we need to go out. No one knows how this situation will evolve, how long until we get a vaccine, and what permanent effects will persist in a “new normal”.

At Sera4, while we can’t practically retool to make facemasks, we can help with social distancing and help to monitor remote sites when technicians visit less frequently. Teleporte’s keyless infrastructure means that you grant access virtually – no handing out keys, cards or fobs; no paper sign-in sheets. You can make your process more efficient and secure, while maintaining the social distance that is now required. 

A lot of people we speak with are concerned about the risks of going digital on something as important as site access control. No one wants a system that doesn’t work as intended every single time, and many people are afraid of the risks of a hacking attack. These are legitimate concerns, given the poor reliability of many new technologies and the steady stream of bad press about smartlock solutions that have been hacked.  

We are very aware of these concerns and work hard to address them. Starting from a security infrastructure that has its roots in BlackBerry, we have built Teleporte to be the most secure keyless access system, built on a patented system that uses digital certificate – just like internet banking. Having measured a 99.97% access success rate over the last 1 million openings on the Teleporte network worldwide, we maintain that Teleporte is as reliable as a traditional lock and key.

We’ve also made Teleporte a very safe and simple system to deploy. Being a cloud-based solution, it requires no IT integration project, no servers, no data connections, no power (in the case of our padlock), no maintenance routines. Just install a padlock or a lock controller on your door, enclosure or gate and visit teleporte.sera4.com to manage access. And that’s it!  

Contact us or our network of distributors and integrators to learn how Teleporte is the right solution to roll out in the face of social distancing. Or click here and take a look through some of our information to decide for yourself.

Teleporte Cloud Server 3.4 Launched

Cloud server 3.4 introduces one major new feature: 3.0 of the REST API.  This new API has additional security controls, allows for multi-organization control and surfaces new features and better performance than the existing API.  API onboarding and usage instructions can be found publicly at https://apidocs.sera4.com. Existing customers using the prior generation API will not be affected and a sunset date will be announced sometime in the future.

In addition, we have added support for flexible lock licensing. This feature tacks the exact license dates and features for each lock, allowing organizations to supplement additional locks with licenses at any time. Administrators may now see greyed out icons for features which can be enabled via additional licenses.

Finally, small feature fixes have also been implemented that target improved readability of reports, the usability of the administration dashboard as well as performance fixes for the download of digital keys to mobile devices.

Teleporte 5 now available for iOS

We’re excited to share that the Teleporte 5 mobile app for iOS is now available on the Apple App Store. This new release brings the current Teleporte experience to iPhone, aligning with the look and feel of the latest Android releases. This release is part of our ongoing commitment to compatibility with as many smartphones as possible.

Teleporte Android App 5.0

Today, Sera4 released version 5 of our Teleporte mobile app on the Google Play Store. Version 5 introduces full compatibility with the Teleporte Single Sign-On servers. From now on, users will sign in to the Teleporte app on their mobile phones and are be provided with the choice of organizations where they have memberships throughout the Teleporte network. In addition, there are a number of improvements in the user experience.

The Teleporte mobile app remains free for anyone with an Android device to download and use.