If you read my recent review of the new Kwikset Kevo Bluetooth Deadbolt, then you know that I was impressed with this new smart lock.
According to some of the comments, I shouldn't have been:
...the lock itself is so weak that a 10 year old kid can slam a screwdriver in it and force the cylinder to turn and unlock and be in your house in a matter of seconds...
Any thief with a "bump" key will open this 200+ dollar lock in 5 seconds...
Kwikset locks can be easily unlocked with a blank and a screwdriver. There are several videos on youtube showing how easy it is...
A quick Google search confirms the existence of a controversy. Look long enough, and you'll find article after article detailing the weaknesses of Kwikset deadbolts, not to mention numerous YouTube videos of people demonstrating how to take advantage of these weaknesses. Many of the arguments are centered specifically on Kwikset's SmartKey deadbolt, a deadbolt that's designed to allow users to rekey the lock themselves in a matter of seconds.
It also happens to be the kind of deadbolt that the Kevo uses, and for some, this all but disqualifies the lock. However, I'm not nearly as convinced that anyone should write the Kevo off just yet. Here's why.
It's bump-proof -- really
Many of the arguments against Kwikset that you'll find online focus on a practice called "lock bumping." To bump a lock, a thief will insert a special key called a bump key into the deadbolt, then tap on it with a blunt object like the handle of a screwdriver. The bump key transfers the force of the bumps into the lock's pins, jolting them into an unlocked position without damaging the lock or leaving any trace of a forced entry. Many standard pin-and-tumbler locks are vulnerable to this kind of attack, including some basic Kwikset locks. Some have claimed that this is a vulnerability that carries through to SmartKey locks, including the Kevo.
To be blunt, those people are wrong. The SmartKey deadbolt uses serrated disc tumblers and a unique horizontal slider in place of the classic pin-and-tumbler setup. Without those pins, bumping just won't work. When Kwikset calls the SmartKey deadbolt a bump-proof lock, the company isn't exaggerating.
It's notoriously difficult to pick
The two most widely recognized and accepted organizations for assessing the quality of locks are the American National Standards Institute (ANSI) and Underwriters Laboratories (UL). ANSI grades locks on their operation, key torque cycles, pull strength, and impact resistance. While certain SmartKey models meet Grade 1, which is the ANSI's highest grade, the Kevo's particular SmartKey deadbolt is Grade 2. This is still a very good score, certifying that the lock can withstand five 75-foot-pound blows, two blows from 120 foot-pounds, 5 minutes of sawing, and at least 360 pounds of bolt-end pressure.
UL certification focuses more on lockpicking and tooled entry, and here, SmartKey deadbolts (including the Kevo) pass the most stringent test, UL 437. This means that SmartKey deadbolts are resistant to a wide variety of lockpicking tools and techniques for certain amounts of time. To demonstrate this level of lockpicking security, Kwikset holds a yearly challenge, offering $5,000 to any locksmith who's able to pick the SmartKey deadbolt using standard lockpicking tools within 10 minutes. The overwhelming majority of these trained professionals can't do it. Even one of Kwikset's most vocal critics, Marc Weber Tobias (more on him in just a bit), told us that the SmartKey lock is virtually impossible to pick.
The problem with bypass tools
Other videos criticizing Kwikset point out that the lock can be easily compromised using a specialized bypass tool used by locksmiths. This tool was developed specifically because the SmartKey lock is so tough to pick -- locksmiths needed another way to force the lock open for their locked-out customers. Of course, if this tool falls into the hands of criminals, they can get past your lock in mere seconds. Doesn't this mean the security of the lock is compromised?
Yes and no. The first thing to keep in mind is that Major Manufacturing, the makers of this tool, specifically restrict its sale and information about its design and use to licensed locksmiths only, so it isn't something that a thief could just pick up at a hardware store or even order online (you won't even find one listed on eBay). If an unscrupulous locksmith sells his used tools under the table, then yes, that's a problem, but it isn't a problem that's unique to Kwikset, as tools like this exist for a variety of locks.
Second, using the tool to bypass the SmartKey deadbolt requires a degree of brute force, and will, in many cases, permanently damage the lock. This sets it apart from quieter means of entry, like creeping in through an unlocked window, carefully slashing a screen door, or even lock picking -- against which the SmartKey deadbolt is, again, highly resistant.
What about that screwdriver trick?
It isn't as simple a trick as some have made it out to be, but it's a legitimate point of concern. Abovementioned security expert Marc Weber Tobias has a video demonstrating the technique, which involves not just a screwdriver, but also a wrench, a hammer, and a filed-down section of a particular Kwikset key blank. In the video, Tobias and his associate use this method to bypass a SmartKey deadbolt in just under a minute (it's unclear what specific SmartKey model they're using, but it isn't a Kevo). Again, this technique is different from bumping, which is a finesse move. This one requires a degree of brute force, including some noisy banging and jimmying of the lock itself, and it leaves the lock damaged, with the keyway totally blocked. But still, since it uses tools available to the general public, it's something Kwikset needs to take seriously.
In addition, Tobias has demonstrated a method of hammering through the back of a SmartKey cylinder, then using a bent paperclip to manipulate the bolt-throwing mechanism. Again, there's nothing subtle about the technique (a thief might be able to enter your home less conspicuously by breaking a window), but it still appears to be a legitimate vulnerability.
I spoke to the engineering team at Kwikset about the issue, and they were quick to assure me that they take all security concerns seriously, including these. They also claim that the Kevo's specific SmartKey deadbolt -- model 925 -- includes some subtle engineering upgrades (which they understandably wouldn't specify) designed to prevent attacks like these. As for the videos, they claim that the techniques Tobias demonstrates are much more difficult to execute than he makes them appear. He and his team, after all, are very, very good at bypassing locks. Additionally, they point out that none of these videos or claims have focused on the Kevo-specific deadbolt, but rather, on earlier SmartKey models. Tobias also confirmed for us that he hasn't gotten his hands on a Kevo yet -- though he said that he plans to test one out as soon as it's available.
Proceed with caution?
If you've already preordered a Kevo, you don't need to panic. As a bump-proof, arguably pick-proof lock, it's of higher quality than most. Even if these screwdriver-based bypass methods turn out to be a real concern, it's still a lock that's essentially going to force thieves to break in your door if they want in. And, of course, that's only in the seemingly unlikely event that they don't try and enter through a sliding door, a basement window, or some other common household weak point, instead of through your front door.
As they say, locks only keep honest people out, and the SmartKey deadbolt is no different. If people are truly determined to break into your home, it's going to be impossible to stop them without investing in steel-reinforced doorframes and bars over your windows. Short of that, if you want to feel safer in your home, you should look into home security options, automated lights, or even just a good guard dog, all of which have been shown to deter burglaries.
As for us, we'd like to conduct our own testing. If the risk is that a common criminal could watch one of these videos and then compromise your lock, we intend to see for ourselves how easy these techniques are to replicate. Soon, we'll be installing a few more Kevos on our testing floor for this express purpose, so stay tuned. When we know more, so will you.
Very educating story, saved your site for hopes to read more!
ReplyDelete