Personally i'd have put a ring terminal onto the earth and affixed it to the case. If the solder joint fails on the earth wire, and a fault causes the case to become live, then your circuit protective device may not trip.
This is probably an adequate replacement for a cheap mechanical code lock in an indoor environment where there are always staff around when the building is open. It would stop members of the public wandering into areas they should not be in by accident but not much more. Even though the RFID tags are easy to clone it is still less likely to happen than somebody working out the code on the mechanical lock, either by observing staff typing it or looking at which keys have the most wear (the cheap ones are combination, rather than permutation based so the order doesn't matter).
I’ve been watching your videos for a while now. People often comment about you speaking too quickly. I think this video is the only time where I’d agree
Nice to see the system and how it works inside. About the defeating it - well, yes. Obviously you have to build this case into something rigid around it at an installed site. Then there is no access to the screw or the case and cables. Of course if you have a building in which the mains-power is accessible from outside (like for the fire-fighters) then you don't even need a screwdriver to defeat this system: just open the electrical-door, pull the fuse, open the door, put the fuse back in and no-one knows what made the short power-failure. Should at least come with a battery that keeps the lock working for a couple of minutes or half an hour or something like that.
So, me and my colleague worked in a school as IT techs and we introduced something like this, cheap system, to our server room. After a while, my colleague found a way to bypass it with a paperclip. He hid it ontop of the doorframe. And told me to only use it if my pass didn't work. Later on, he constructs a RJ45 faceplate that is hardwired into the bypass. and put it inside the server room. He said "If you ever get locked in, short a RJ45 head in these specific pins, and plug it into the faceplate. The door will open." I would use the RJ45 way all the time as my way of exiting to look badass, haha.
I would maybe use this during the day to make it easier for employees to get in faster and simpler then keys and generally deter the public but then when the office is closed at night lock the door with something like a deadbolt or other heavy lock in addition to this.
Interesting. I bought the same lock but bought a 12v/5v laptop "brick" PSU. I should have done the same as you and bought the whole kit, especially as I now know the lock PSU can take a GPIO input. I'm installing this lock with a Rasp Pi 4 running Domoticz in a Docker container. Pi operates a solid state relay which was about £17 for a module of 4 relays. The Pi connects to a Texecom panel (your video review on this panel was really helpful)
I suppose the easiest way to make this a bit more secure would be to replace the screw on the bottom with a security torx (or similar) screw instead of just a standard Phillips one, but that wouldn't deter someone determined to get in becasue they could just come back with a security torx driver to remove it, or as you said, use a hammer or a rock if they dont care about it being noticed. The higher end systems are usually in 2 parts, where the "keypad" is its own device, and the mag lock/release button are a seperate device, usually connected to a network (and in the case of the keypad/reader, usually powered by POE), where the 2 seperate devices are then linked in some kind of central software controller where you can configure what controller is linked to what mag lock to form a "door" Also, Hi from Paisley!
At least some of those higher end systems are also capable of associating RFID tags with employee names, so there would be a log showing which employee (name and/or ID) entered which door at which date and time, possibly even indicating in red when someone access it outside defined "business hours". I've seen such systems in use in large office and school buildings!
Security torx screws are useless! All it takes is a small flathead to reliably remove security screws. I can’t remember the last time I have used a security driver...
I'm surprised that it's just the magnet keeping the door shut - I would have presumed that the magnet would be used to hold bolts in position (or hold them out the way), so the strength of the lock would be the strength of the bolts, not the strength of the magnetic field. Also doing it that way would allow for a key/lever based override, so that it could fail to locked when power had failed. The fix for the keypad would be to have just the keypad on the outside with the logic board on the inside - it may even be possible to mod this module, depending on how the keypad is connected to the logic board.
If I designed it, I would have transmitted the door code after encoding a super-dooper hash over wire (or wireless) to an internal decoder to unlock the lock. Protect the smarts. Thanks for the video.
The mains would be perfectly fine if the psu was fitted inside an electrical enclosure which is probably what it's intended for I'm aware given the price of the kit it probably won't be an electrician installing it just saying. also if it were in an enclosure you could do your earth connection to the outside of the case through the screw on the case using a crimp on lug
I've had an idea now for a few years that I would love to have your input on Cameron, and seeing you've now delved into the world of access control (and the current hightened hygiene requirements 😉) it would be a perfect time to bounce this idea off you 😁
great video and super good explanation of everything. can I suggest that the gap between live and neutral (weld points you did at the back of the board) is not enough for mains voltage) electricity jumps you know!
Potentially depending on how strong the magnet and handle are but they usually aren't too bad if properly installed. However this kit is also available with other locks including drop bolts and various latches which would also be affected by the flawed architecture, it's not only available as a maglock.
This why these systems need to do the actual processing on the secure side of the door. Something like sending an encrypted payload over the wire with the RFID/Pass information. Even if you took the box out, the encryption keys are burned into the IC.
I'm looking into these for a small rural resort I manage maintenance at. The security flaw isn't too big of a concern considering they still have metal keys and get left unlocked half the time any way. I'm more worried about guest keeping keys and coming back. I'm just not sure if they'll hold up.
In a commercial setting I'd definetely be looking for a better option! Not just for this flaw but as you said, these devices don't provide any functionality around managing/revoking old tokens. You'd really be better off looking at proper access control systems which would allow you to set expiry dates on each card - I have a bunch of hotel keycards that I've forgotten to hand back over the years however I can safely assume that none of them would work anymore since they'd have been used with a proper hotel access control system that can disable old cards, not the case with a cheap device such as this!
I hope people aren’t using these in busy offices... they need to release on fire alarm otherwise after the first person hits the door and can’t get out the whole crowd will start pushing and it’s too late to unlock the door causing TONS of preventable deaths.
If i remember correctly, in the UK there is supposed to be a "break glass" emergency release next to the door (the older sort have actual glass in them that breaks when you press hard, and when the glass is broken, it operates a switch which releases the door, the newer ones have a plastic peice in them which drops down slightly when you activate it) and the "break glass" emergency release is supposed to be wired so that even if the control system for the lock became unresponsive (to where the normal way of releasing the door doesnt work) the emergency release would still work (in the case of this lock the emergency release would go between the lock itself and the power supply)
Unfortunately protecting the screw isn't really sufficient as the plastic keypad could be easily pulled/smashed off of the wall. The flaw with this system is an architectural issue - a secure door entry system carries out all authentication and control of the lock from a controller in secure location. The keypad should just be a dumb keypad/RFID reader that sends the data to the controller over an (ideally encrypted) digital link.
Hi Cameron, quick question. I want to add another RF relay to this system so that its controlled by a remote as well. How do I go about doing that. When I connect the second relay the access control system just turns off🥲. No idea what im doing wrong.
Yes, although this is standard for magnetic locks unless you added in a battery backup. There are other types of locks that require a power supply in order to unlock so these will remain locked in the event of a power outage but they would then also require a mechanical override such as a door handle to allow the door to open in the event of a failure/emergency.
At 6:20 , Can you explain how you wired the 2 red wires from the 3 core flex thats connected to a mains plug? Can I wire them to a 2 core flex connected to a mains plug? Do I need an earth wire? And where did you connect the earth wire at 6:20
At 6:20 I temporarily connected it by using a couple of Wago terminals, at 13:29 I show myself replacing these red wires with a piece of proper mains flex wired directly into the power supply as it should really be earthed and having that pair of single insulated wires outside of the enclosure isn't compliant with regulations in the UK.
How many burglars have the manual to know which terminal is which? I would be interested in watching what happens when the paper clip touches the incoming 240v.
Sure, the average burglar won't have a manual but that doesn't really excuse this flaw, if someone wanted to target a specific lock they could fairly easily figure it out and if enough of these locks ended up in the wild, the process of bypassing them could become common knowledge. As for the 240v comment, the keypad is a 12v device so there's no risk of coming into contact with the mains.
If the keypad has a tamper switch that cannot be easily bypassed and a LDR to sense keypad removal, where the tamper detect circuit disconnect all the cables, this would make it far more secure. The magnetic lock is very weak and can be kicked open anyway.
solution = pour some encapsulation resin in the rear of the keypad case covering the pcb and connector after plugging it in... or buy a cheap siren and wire it to the NO of the keypad that way it sounds if the wires are disconnected
That would make it harder but then there's still nothing stopping someone simply cutting the wires and joining them together that way. IMO the only way to do this securely is to have the PIN validation and lock control handled by a controller on the secure side of the door and have the external device simply be a dumb keypad that sends the key presses and card data to the controller on the inside of the door.
I've a feeling the mains input side of the power supply had been wired for electrical standards in China, rather than electrical standards in the UK and most other countries.
Power passed into the control input is purely a signal to control the output, it does not pass through or power the device so this wouldn't work. You'd probably be better off with a higher end access control system that has a proper battery backup facility.
That was just to provide a 12v supply to those pins to demonstrate how they'll trigger the lock to open, if the power supply wasn't plugged in, that battery would do nothing.
Great video and very well presented but note the power supply and the keypad are not CE marked therefore should not be sold in the uk. It would be the sellers responsibility to get them CE marked. The fact you had to change the wiring and solder a new cable says it all. It makes the product dangerous and most people would not change it and just use connector block and plug in. It's great you have shown this product for was it is. Personally would avoid as its rubbish.
@paulattree4171 I'm an engineer Paul, so no i don't find things difficult. Open my mind to what? The fact that it is not earthed which by the way is UK regs and the chasis can become live at any time? This is a dangerous product when not earthed. Not difficult to know that if you have the knowledge.
There is an easy way to better the security of the control box and the wire harness which seems to be your only issue with this system. The only difference this system has different from the high and low end commercial systems is the key pad is better housing and there you go oh and a battery back up during power lose and tge power in to shut it off is for fire exiting wire smoke detector power out in there and your safe and sound 24/7
With the commercial systems I've seen (Paxton being one that I've personally worked with) the difference is with the architecture. With the higher end systems, the actual controller that connects to the lock and that handles the logic is separate from the keypad. The controller can therefore be stored in a "secure" location (often even simply on the wall inside the door) then all the keypad does is send keystrokes or card information to the controller. The controller then handles all authentication. If someone is able to break the keypad off the wall, all they have access to is a digital connection which if designed correctly, cannot be used to open the door.
I agree they are able to do oh so much more but your getting what you pay for you pay little you get little. But even the high ends have draw backs its a give and take world i guess. And i did enjoy the video it just had me thinking how to over come some of short coming to make it a little better and keep it cheap. I used to install the bigger much much bigger system and miles of wire in nursing homes and businesses about, wow... 20years ago. But thank you for the video and ill be checking out more for sure.
I find it amusing that a 6W magnetic lock can easily defeat me in a pulling contest. en.wikipedia.org/wiki/Electromagnetic_lock#Electrical_requirements
The problem with the system is the accessible screw on the reader. If you replace the reader with one that prevents easy physical access, then the system becomes quite secure.
The issue is that the processing is done on the insecure side of the door, even with a better screw, the outside unit could still be forced off the wall with a crowbar.etc. For a system like this to be secure, the external unit should purely read PIN numbers and card data and send it over an encrypted digital connection to a controller on the secure side of the door, this controller is what validates the data and ultimately controls the door lock. That way, if you force the external reader off the wall, all you'll have access to is a digital connection that you can't compromise by simply shorting wires out.
You could replace the screw with a less common one, torx or the type that is 2 dots. Sure if someone had the screwdriver bit for that type it would be the same but your average joe burglar isn't toting a snake eye screwdriver. edit: I suppose it wouldn't help against the smashing...
Radical idea here.. How about they design a keypad where the electronics actually doing the checking and unlocking are in a box on the back of the doorframe, with the box at the front containing only the electronics required to run the keypad and RFID reader? I realised that is likely how more professional systems are designed.
That's exactly how the professional systems work - there is a control unit located on the "secure" side of the door (or even locked away separately) that handles all authentication and connects to the lock (often also has a battery backup). The card reader/pin pad.etc then connects to this unit using a digital connection that simply sends key presses/card data, if someone were to break off the keypad/card reader, the most they can do is access these digital lines which are of much less use for opening the door. Suspect you may be able to brute force codes by simulating a keypad on these digital lines although this could be mostly solved by rate limiting.
@@camerongray1515 there is an attack that someone has done with the better systems, where they installed a device of some sort (which essentially grabs the credentials when someone scans a card, and can then use that credential to unlock the door for the attacker)
That's definitely true, they can often be defeated with fairly standard card cloning type stuff, but that would take a lot more effort, skill and hardware than something like this that could likely be done purely with physical brute force. Card cloning can usually be overcome by additionally requiring a PIN after scanning a card essentially implementing 2FA. This is standard in most higher security applications.
Just bough one of this cheap access control set, and you know what?) They filled the whole scheme's back with epoxide so you don't have a chance to make that fancy move anymore)
Interesting, I imagine it's more of an attempt to seal it against moisture rather than any sort of security improvement. If the device is architected the same as the one I showed here (i.e. where all the processing is done by the external keypad) then you're still vulnerable if an attacker can get to the cable.
Just got one too and my back is fully open Seperate question though and maybe this is my being stupid. I can't get it to power with a 12v batter back connected to the PSC
Unfortunately the issue goes beyond how it is installed, in my opinion there would be no safe way to install this system as the wiring to open the door will always have to be connected to the reader on the outside fo the door. In my mind, the only way to correctly do this is to have a dumb card reader/keypad on the outside of the door connected over a digital connection to a controller in a secure location with the controller switching the power to the lock. That way, if the card reader is removed, the attacker will only have access to this digital connection which can't simply be shorted out to unlock the door.
@@camerongray1515 I totally agree. I have those cheap ACS installed on my clients, as much as possible, no wirings must be easily accessible outside, if possible, chip a portion of the wall to submerge all the wirings or even the reader/keypad itself. We have better ACS systems thou most of my clients prefer this type of ACS. The price of good ACS comes in to factor as well.
@@JericDacara I think my fear with mounting it that way would still be that at least with this one, it's only made of plastic so simply smashing it with a hammer from the front could give access to the wiring inside. I definitely agree that the "proper" systems can be significantly more expensive though.
I buy prison electric locks, actual American access control keypads made for vandal resistance, and they are much much harder to defeat. Anything can be defeated given enough time and resources which, outside of a prison or asylum, can be done. But I digress
With this it's very much down to the system architecture rather than the actual physical hardness. Even a cheap plastic keypad can be perfectly secure if the actual processing is done on the inside of the door and all the keypad does is send a digital signal of keypresses/card information to a controller in a secure location. A super robust metal keypad is still flawed if it's possible to simply short some wires inside to open the door. The issue with the system I demonstrated here is that the wiring behind the keypad has a wire that can simply trigger the door to open. If all there is behind a keypad is a digital connection to an external controller, it's not going to be possible to attack this without simply brute forcing codes down it and even that could be prevented if the digital signals are encrypted. At that point, it would be easier to physically break the door down rather than to bother attacking the access control.
@@camerongray1515 Hmm.. Since I got your attention on this, and indeed you seem to be one of a few that actually plays with this stuff like me, could you do a very very simple test? Place the keypad behind a piece of 3/4" thick board like what you used to mount it but try to trigger the keypad by putting the fob to the board instead of direct to the face of the keypad. Will it pick up the signal THROUGH a WALL? That is the experiment. See, IF that is possible, you can HIDE the keypad INSIDE the wall but behind a skin thin enough to allow the RF signal to pick up the fob but thick enough to still be THE WALL. Inside a house or office the wall hiding the keypad face would be drywall or plasterboard as is called in some places. But on a BRICK exterior though? Hmm, a thin fake brick tile in front of the keypad hidden inside a recess in the wall? You can test this by placing a ceramic tile or piece of plasterboard in front of the keypad and try to trigger it with the fob. See, that is the idea I have to resolve the OBVIOUS device next to a door conundrum I am having in a bad neighborhood where break ins ARE prevalent. The door and prison lock then become real secure if the thief can not SEE a keypad or keylock switch to try and tamper with. And yes.. a controller placed in a secure location is key here lol! I have read some keypads with RFID sensors, allow you to remove the RFID sensor part and place it remotely some where to trigger the keypad too, but without the keypad electronics being present at the remote location, without having to buy some expensive networked access control system to achieve this. The manual PDF states you can place the plastic RFID sensor that just has the 2 wires attached to it, to say the outside of your front door with the keypad on the inside in a secure location. The keypad is made of plastic too so that makes sense no? BUT, can you HIDE the sensor behind say plasterboard or a thin brick and have it still work? THAT is the experiment I am wanting you to try since you DO have a keypad like that. Shoud be simple and real quick to know if the RFID signal is strong enough to pick up through tile, brick or plaster or wood panel.
Unfortunately I can't really test much with this since I'm currently using the power supply for another project and the rest of the parts are stored away although I imagine it's very dependant on the reader and fob used as to how strong the signal is. That said, a properly designed system with a reader that has a purely digital interface to a securely stored controller should be totally secure and can't be tampered with from the reader. Systems like these are commonly deployed in many high security applications such as datacenters without issue. I can't imagine hiding the reader to have any real benefit from a security perspective. You'd also realistically need some sort of manual override in the event of a system failure (either to cut power in the event of a fail safe lock or some sort of manual key lock if a fail secure lock is used). This is likely to be a much more likely plan of attack, the average burglar isn't going to be attempting to exploit a controller through an externally accessible digital connection.
Additionally, in high security environments it's important to have multiple factor authentication, you'd usually have both a key fob/card and then have to enter a PIN into the reader. This prevents people being able to use stolen/cloned cards as they won't know the PIN. Therefore you'd need to have an accessible keypad to enter the PIN.
They could and assuming you'd need to use both locks or if this is only used as a sort of basic form of access control when the main lock is unlocked then it's not necessarily dreadful assuming the risks have been considered. The issue is people fitting these in situations where they're the only form of lock on something that should be kept secure. I've seen these things used on "secure" car parks and doors to apartment buildings as the primary lock.
@@camerongray1515 I get what you're saying because there are some access control systems that are lot more secure for example Paxton net2 access control uses proximity readers and proximity fobs and it's configure the on a PC which I think is pretty cool what I'm going to be getting for my shed is a Paxton switch 2 controller to use on my shed but I also have a padlock installed on the shed door which makes it extra secure
Yeah, those systems do it correctly by keeping the actual brains that control the lock in a secure location so if someone were to remove the reader, there's not much they can do as it's a digital connection. I've used Paxton net2 briefly in a commercial office (although admittedly just to enrol a card, I didn't actually install it). My fear with the cheaper systems like the one shown in this video is that people see the Paxton systems in use in commercial settings then see the cheap devices on Amazon and think of them as being the same thing.
A high end system will have the digital processing logic running on a controller in a secure location, on the outside of the door you would have a dumb keypad that would send a digital signal to the controller containing card information/pressed buttons. If an attacker were to remove the keypad, all they would have access to is this digital connection which can't simply be shorted out. With the system shown here, the system simply sends an open signal directly to the relay which can be shorted out easily.
Jeeze... this is too easy to hack lmfaooo. Thanks for this video... have 2nd thoughts in getting this. This is why I hate company's design system, it's best to use all pure software, fully custom centralized system where the software reads all inputs. These are know as ur Arduino lock systems which is much safer than standalone systems. You have to install this particular keypad module with the screw hidden from a person like yourself digging around there, obviously. Any professional knows this and would install the keypad flushed to the wall. But I have to agree, the screw right beneath the keypad is really stupid, using an ordinary Philips screw some, effort should've been given by the company to make it difficult to open easily. It's going to be really tricky to hide that bottom side screw and making it legitimately hack proof.
The issue is greater than just the screw, even if the keypad was mounted flush, it could still be destroyed by hitting it hard enough which would expose the wiring. The way this should be done (as is the case with professional systems) is that the device on the outside should purely read card details and key presses and send these over a digital connection to a device on the "secure" side of the door which checks the code/card and operates the lock. With this, even if the card reader is totally ripped off the wall, all an attacker will have access to is this digital connection which can't simply be shorted out to open the door. The worst that could be done would be to attach a device to this digital connection to brute force a code but even this could be resolved by using encryption across this link.
This system doesn't have any sort of ability to use a "slave reader" and it clearly is designed to have the keypad on the insecure side of the door and the push to exit button on the secure side which is the issue. The way to do this correctly is to have an access controller where the actual processing is carried out by a device in a secure location which is connected to a dumb keypad on the outside of the door over a digital link. IMO there is no way to install the system shown in this video without it being vulnerable.
I'm NOT going to watch this video. I know you are going to talk about the lock relay being in a Keypad or reader available to anyone that is on the Unsecured side of an access control point. YOU get what you pay for!!!!!!! If you want to post a 32 minute video about defeating a CHEAP access control system go ahead. I am a professional security technician. I can assemble a door that I promise you that You CANNOT defeat.
It's not like I forced you to watch the video... The point is to demonstrate the issue to people who don't understand the security risk of such locks and end up using them where they're not suitable. It's not like I'm trying to act like some sort of security defeating god... No need to flex that you can assemble an undefeatable door, I'm not saying that I can defeat anything that's designed properly!
Personally i'd have put a ring terminal onto the earth and affixed it to the case. If the solder joint fails on the earth wire, and a fault causes the case to become live, then your circuit protective device may not trip.
Yep
I legitimately thought this was a LockPickingLawer video when I clicked on the thumbnail. The change in voice surprised me a bit XD
The Lock Picking Lawyer *joins the chat*
His video would have been 40 seconds long though.
@@SianaGearz true
Looked for this comment, found it
Same, Rob G
This is probably an adequate replacement for a cheap mechanical code lock in an indoor environment where there are always staff around when the building is open. It would stop members of the public wandering into areas they should not be in by accident but not much more.
Even though the RFID tags are easy to clone it is still less likely to happen than somebody working out the code on the mechanical lock, either by observing staff typing it or looking at which keys have the most wear (the cheap ones are combination, rather than permutation based so the order doesn't matter).
I’ve been watching your videos for a while now. People often comment about you speaking too quickly. I think this video is the only time where I’d agree
Nice to see the system and how it works inside.
About the defeating it - well, yes. Obviously you have to build this case into something rigid around it at an installed site. Then there is no access to the screw or the case and cables.
Of course if you have a building in which the mains-power is accessible from outside (like for the fire-fighters) then you don't even need a screwdriver to defeat this system: just open the electrical-door, pull the fuse, open the door, put the fuse back in and no-one knows what made the short power-failure.
Should at least come with a battery that keeps the lock working for a couple of minutes or half an hour or something like that.
So, me and my colleague worked in a school as IT techs and we introduced something like this, cheap system, to our server room. After a while, my colleague found a way to bypass it with a paperclip. He hid it ontop of the doorframe. And told me to only use it if my pass didn't work. Later on, he constructs a RJ45 faceplate that is hardwired into the bypass. and put it inside the server room. He said "If you ever get locked in, short a RJ45 head in these specific pins, and plug it into the faceplate. The door will open." I would use the RJ45 way all the time as my way of exiting to look badass, haha.
I was searching for home access control and end watching the whole video and enjoying it, keep it up
I would maybe use this during the day to make it easier for employees to get in faster and simpler then keys and generally deter the public but then when the office is closed at night lock the door with something like a deadbolt or other heavy lock in addition to this.
That's exactly the use case for them... It's not meant to be a secure only lock (even by the fact it needs power to secure the door)
Interesting. I bought the same lock but bought a 12v/5v laptop "brick" PSU. I should have done the same as you and bought the whole kit, especially as I now know the lock PSU can take a GPIO input. I'm installing this lock with a Rasp Pi 4 running Domoticz in a Docker container. Pi operates a solid state relay which was about £17 for a module of 4 relays. The Pi connects to a Texecom panel (your video review on this panel was really helpful)
I suppose the easiest way to make this a bit more secure would be to replace the screw on the bottom with a security torx (or similar) screw instead of just a standard Phillips one, but that wouldn't deter someone determined to get in becasue they could just come back with a security torx driver to remove it, or as you said, use a hammer or a rock if they dont care about it being noticed.
The higher end systems are usually in 2 parts, where the "keypad" is its own device, and the mag lock/release button are a seperate device, usually connected to a network (and in the case of the keypad/reader, usually powered by POE), where the 2 seperate devices are then linked in some kind of central software controller where you can configure what controller is linked to what mag lock to form a "door"
Also, Hi from Paisley!
At least some of those higher end systems are also capable of associating RFID tags with employee names, so there would be a log showing which employee (name and/or ID) entered which door at which date and time, possibly even indicating in red when someone access it outside defined "business hours". I've seen such systems in use in large office and school buildings!
Security torx screws are useless!
All it takes is a small flathead to reliably remove security screws. I can’t remember the last time I have used a security driver...
It’s so great to catch one of your videos early! You’re keeping quarantine interesting for so many people :) [Hello from Australia by the way 👋]
The 'door exit' button appears to use the same "screwless" design and hole pattern as the MK Essentials in John Ward's recent video.
Yes but the switch is a fake of the MK series from the UK.. Like the Metallica song goes: "SAD BUT TRUUE!!"
Great video Cameron! Really well presented and interesting to watch, especially during this lockdown!
I'm surprised that it's just the magnet keeping the door shut - I would have presumed that the magnet would be used to hold bolts in position (or hold them out the way), so the strength of the lock would be the strength of the bolts, not the strength of the magnetic field. Also doing it that way would allow for a key/lever based override, so that it could fail to locked when power had failed. The fix for the keypad would be to have just the keypad on the outside with the logic board on the inside - it may even be possible to mod this module, depending on how the keypad is connected to the logic board.
If I designed it, I would have transmitted the door code after encoding a super-dooper hash over wire (or wireless) to an internal decoder to unlock the lock. Protect the smarts. Thanks for the video.
The mains would be perfectly fine if the psu was fitted inside an electrical enclosure which is probably what it's intended for I'm aware given the price of the kit it probably won't be an electrician installing it just saying. also if it were in an enclosure you could do your earth connection to the outside of the case through the screw on the case using a crimp on lug
Someone's been watching lpl:)
Do RC I swear I knew I’ve seen this somewhere. I knew it was lpl, I just can’t find the video he did about this
oh, *Lock Picking Lawyer* ...? Worked that one out after reading another comment; why couldn't you have just said that...?
I've had an idea now for a few years that I would love to have your input on Cameron, and seeing you've now delved into the world of access control (and the current hightened hygiene requirements 😉) it would be a perfect time to bounce this idea off you 😁
A trip switch or magnet on the frame that opens an external latch relay would trip out the door magnet. But not made to keep out the determined
great video and super good explanation of everything. can I suggest that the gap between live and neutral (weld points you did at the back of the board) is not enough for mains voltage) electricity jumps you know!
Also you can make the magnet give way by yanking hard on the door handle.
Potentially depending on how strong the magnet and handle are but they usually aren't too bad if properly installed. However this kit is also available with other locks including drop bolts and various latches which would also be affected by the flawed architecture, it's not only available as a maglock.
Did you add any insulation to the bottom/underneith of the board to stop the wires shorting onto the case?
There was already a platsic sheet in place so it's still in there
Does the input polarity not matter? Both cables red initially
This why these systems need to do the actual processing on the secure side of the door. Something like sending an encrypted payload over the wire with the RFID/Pass information. Even if you took the box out, the encryption keys are burned into the IC.
thats called osdp
Did you install the bleeder tree resistor? Curious honestly.
I'm looking into these for a small rural resort I manage maintenance at. The security flaw isn't too big of a concern considering they still have metal keys and get left unlocked half the time any way. I'm more worried about guest keeping keys and coming back. I'm just not sure if they'll hold up.
In a commercial setting I'd definetely be looking for a better option! Not just for this flaw but as you said, these devices don't provide any functionality around managing/revoking old tokens. You'd really be better off looking at proper access control systems which would allow you to set expiry dates on each card - I have a bunch of hotel keycards that I've forgotten to hand back over the years however I can safely assume that none of them would work anymore since they'd have been used with a proper hotel access control system that can disable old cards, not the case with a cheap device such as this!
I hope people aren’t using these in busy offices... they need to release on fire alarm otherwise after the first person hits the door and can’t get out the whole crowd will start pushing and it’s too late to unlock the door causing TONS of preventable deaths.
If i remember correctly, in the UK there is supposed to be a "break glass" emergency release next to the door (the older sort have actual glass in them that breaks when you press hard, and when the glass is broken, it operates a switch which releases the door, the newer ones have a plastic peice in them which drops down slightly when you activate it)
and the "break glass" emergency release is supposed to be wired so that even if the control system for the lock became unresponsive (to where the normal way of releasing the door doesnt work) the emergency release would still work (in the case of this lock the emergency release would go between the lock itself and the power supply)
True, but equally easy to protect the access to the screw. But excellent initiative to highlight the potential issue 👍
Unfortunately protecting the screw isn't really sufficient as the plastic keypad could be easily pulled/smashed off of the wall. The flaw with this system is an architectural issue - a secure door entry system carries out all authentication and control of the lock from a controller in secure location. The keypad should just be a dumb keypad/RFID reader that sends the data to the controller over an (ideally encrypted) digital link.
Why are you measuring 12v on com-nc? Isn't that supposed to be a dry contact?
Hi Cameron, quick question.
I want to add another RF relay to this system so that its controlled by a remote as well.
How do I go about doing that.
When I connect the second relay the access control system just turns off🥲. No idea what im doing wrong.
So when there's a power outage, the door's unlocked?
Yes, although this is standard for magnetic locks unless you added in a battery backup. There are other types of locks that require a power supply in order to unlock so these will remain locked in the event of a power outage but they would then also require a mechanical override such as a door handle to allow the door to open in the event of a failure/emergency.
Failsafe vs fail secure.
safety vs security
At 6:20 , Can you explain how you wired the 2 red wires from the 3 core flex thats connected to a mains plug?
Can I wire them to a 2 core flex connected to a mains plug?
Do I need an earth wire? And where did you connect the earth wire at 6:20
At 6:20 I temporarily connected it by using a couple of Wago terminals, at 13:29 I show myself replacing these red wires with a piece of proper mains flex wired directly into the power supply as it should really be earthed and having that pair of single insulated wires outside of the enclosure isn't compliant with regulations in the UK.
Hey rookie question here but how would you extend the wires that plug into the junction boxes
what a brilliant design
You don't use a transfo 220v/12v ?
Great video! So what should we use as a somewhat more secure alternative?
como se reseta este modelo tenho um deste que nao tem o jump de reset
How many burglars have the manual to know which terminal is which? I would be interested in watching what happens when the paper clip touches the incoming 240v.
Sure, the average burglar won't have a manual but that doesn't really excuse this flaw, if someone wanted to target a specific lock they could fairly easily figure it out and if enough of these locks ended up in the wild, the process of bypassing them could become common knowledge. As for the 240v comment, the keypad is a 12v device so there's no risk of coming into contact with the mains.
Hi do you know if you can add a back up 12v battery to this system incase of mains power loss
If the keypad has a tamper switch that cannot be easily bypassed and a LDR to sense keypad removal, where the tamper detect circuit disconnect all the cables, this would make it far more secure. The magnetic lock is very
weak and can be kicked open anyway.
solution = pour some encapsulation resin in the rear of the keypad case covering the pcb and connector after plugging it in... or buy a cheap siren and wire it to the NO of the keypad that way it sounds if the wires are disconnected
That would make it harder but then there's still nothing stopping someone simply cutting the wires and joining them together that way. IMO the only way to do this securely is to have the PIN validation and lock control handled by a controller on the secure side of the door and have the external device simply be a dumb keypad that sends the key presses and card data to the controller on the inside of the door.
Is it possible to connect two rfid readers in parallel? ( for magnetic lock)
I've a feeling the mains input side of the power supply had been wired for electrical standards in China, rather than electrical standards in the UK and most other countries.
Can i make a batery to controll + - to have energy all the time if the fuses are down?
Power passed into the control input is purely a signal to control the output, it does not pass through or power the device so this wouldn't work. You'd probably be better off with a higher end access control system that has a proper battery backup facility.
@@camerongray1515 ok but for what's is that batery you have connected on 13:13 seconds on control + and-
That was just to provide a 12v supply to those pins to demonstrate how they'll trigger the lock to open, if the power supply wasn't plugged in, that battery would do nothing.
@@camerongray1515 thanks for the info👍
Great video and very well presented but note the power supply and the keypad are not CE marked therefore should not be sold in the uk. It would be the sellers responsibility to get them CE marked. The fact you had to change the wiring and solder a new cable says it all. It makes the product dangerous and most people would not change it and just use connector block and plug in.
It's great you have shown this product for was it is. Personally would avoid as its rubbish.
Works great on my parents side gate , they love it. Open your mind!! Do you find things difficult?
@paulattree4171 I'm an engineer Paul, so no i don't find things difficult. Open my mind to what? The fact that it is not earthed which by the way is UK regs and the chasis can become live at any time? This is a dangerous product when not earthed. Not difficult to know that if you have the knowledge.
honestly... i'm envious of that giant button. i kinda want to use it to turn on my computer.
very useful vedio .. thank you boss
Glad the comments exist. The lockpicking lawyer already covered this.
There is an easy way to better the security of the control box and the wire harness which seems to be your only issue with this system. The only difference this system has different from the high and low end commercial systems is the key pad is better housing and there you go oh and a battery back up during power lose and tge power in to shut it off is for fire exiting wire smoke detector power out in there and your safe and sound 24/7
With the commercial systems I've seen (Paxton being one that I've personally worked with) the difference is with the architecture. With the higher end systems, the actual controller that connects to the lock and that handles the logic is separate from the keypad. The controller can therefore be stored in a "secure" location (often even simply on the wall inside the door) then all the keypad does is send keystrokes or card information to the controller. The controller then handles all authentication. If someone is able to break the keypad off the wall, all they have access to is a digital connection which if designed correctly, cannot be used to open the door.
I agree they are able to do oh so much more but your getting what you pay for you pay little you get little. But even the high ends have draw backs its a give and take world i guess. And i did enjoy the video it just had me thinking how to over come some of short coming to make it a little better and keep it cheap. I used to install the bigger much much bigger system and miles of wire in nursing homes and businesses about, wow... 20years ago. But thank you for the video and ill be checking out more for sure.
Good job
How to reset this device...
its definetely secure cause if u dont know u dont know... even the most secure lock if u find the loophole hey its over with just the same.....
I find it amusing that a 6W magnetic lock can easily defeat me in a pulling contest. en.wikipedia.org/wiki/Electromagnetic_lock#Electrical_requirements
The problem with the system is the accessible screw on the reader. If you replace the reader with one that prevents easy physical access, then the system becomes quite secure.
The issue is that the processing is done on the insecure side of the door, even with a better screw, the outside unit could still be forced off the wall with a crowbar.etc. For a system like this to be secure, the external unit should purely read PIN numbers and card data and send it over an encrypted digital connection to a controller on the secure side of the door, this controller is what validates the data and ultimately controls the door lock. That way, if you force the external reader off the wall, all you'll have access to is a digital connection that you can't compromise by simply shorting wires out.
Watch 30:22
You could replace the screw with a less common one, torx or the type that is 2 dots. Sure if someone had the screwdriver bit for that type it would be the same but your average joe burglar isn't toting a snake eye screwdriver.
edit: I suppose it wouldn't help against the smashing...
Another issue with it is that a magnet could be used to activate the relay in the keypad, which causes the door to unlock
Radical idea here.. How about they design a keypad where the electronics actually doing the checking and unlocking are in a box on the back of the doorframe, with the box at the front containing only the electronics required to run the keypad and RFID reader? I realised that is likely how more professional systems are designed.
That's exactly how the professional systems work - there is a control unit located on the "secure" side of the door (or even locked away separately) that handles all authentication and connects to the lock (often also has a battery backup). The card reader/pin pad.etc then connects to this unit using a digital connection that simply sends key presses/card data, if someone were to break off the keypad/card reader, the most they can do is access these digital lines which are of much less use for opening the door. Suspect you may be able to brute force codes by simulating a keypad on these digital lines although this could be mostly solved by rate limiting.
@@camerongray1515 there is an attack that someone has done with the better systems, where they installed a device of some sort (which essentially grabs the credentials when someone scans a card, and can then use that credential to unlock the door for the attacker)
That's definitely true, they can often be defeated with fairly standard card cloning type stuff, but that would take a lot more effort, skill and hardware than something like this that could likely be done purely with physical brute force. Card cloning can usually be overcome by additionally requiring a PIN after scanning a card essentially implementing 2FA. This is standard in most higher security applications.
Just bough one of this cheap access control set, and you know what?) They filled the whole scheme's back with epoxide so you don't have a chance to make that fancy move anymore)
Interesting, I imagine it's more of an attempt to seal it against moisture rather than any sort of security improvement. If the device is architected the same as the one I showed here (i.e. where all the processing is done by the external keypad) then you're still vulnerable if an attacker can get to the cable.
Just got one too and my back is fully open
Seperate question though and maybe this is my being stupid.
I can't get it to power with a 12v batter back connected to the PSC
Basically that's how easy it is to defeat cheap access control systems IF CARELESSLY INSTALLED.
Unfortunately the issue goes beyond how it is installed, in my opinion there would be no safe way to install this system as the wiring to open the door will always have to be connected to the reader on the outside fo the door. In my mind, the only way to correctly do this is to have a dumb card reader/keypad on the outside of the door connected over a digital connection to a controller in a secure location with the controller switching the power to the lock. That way, if the card reader is removed, the attacker will only have access to this digital connection which can't simply be shorted out to unlock the door.
@@camerongray1515 I totally agree. I have those cheap ACS installed on my clients, as much as possible, no wirings must be easily accessible outside, if possible, chip a portion of the wall to submerge all the wirings or even the reader/keypad itself. We have better ACS systems thou most of my clients prefer this type of ACS. The price of good ACS comes in to factor as well.
@@JericDacara I think my fear with mounting it that way would still be that at least with this one, it's only made of plastic so simply smashing it with a hammer from the front could give access to the wiring inside. I definitely agree that the "proper" systems can be significantly more expensive though.
Its from Amazon, what do you expect for that price ! lol
I buy prison electric locks, actual American access control keypads made for vandal resistance, and they are much much harder to defeat. Anything can be defeated given enough time and resources which, outside of a prison or asylum, can be done. But I digress
With this it's very much down to the system architecture rather than the actual physical hardness. Even a cheap plastic keypad can be perfectly secure if the actual processing is done on the inside of the door and all the keypad does is send a digital signal of keypresses/card information to a controller in a secure location. A super robust metal keypad is still flawed if it's possible to simply short some wires inside to open the door. The issue with the system I demonstrated here is that the wiring behind the keypad has a wire that can simply trigger the door to open. If all there is behind a keypad is a digital connection to an external controller, it's not going to be possible to attack this without simply brute forcing codes down it and even that could be prevented if the digital signals are encrypted. At that point, it would be easier to physically break the door down rather than to bother attacking the access control.
@@camerongray1515 Hmm.. Since I got your attention on this, and indeed you seem to be one of a few that actually plays with this stuff like me, could you do a very very simple test? Place the keypad behind a piece of 3/4" thick board like what you used to mount it but try to trigger the keypad by putting the fob to the board instead of direct to the face of the keypad. Will it pick up the signal THROUGH a WALL? That is the experiment. See, IF that is possible, you can HIDE the keypad INSIDE the wall but behind a skin thin enough to allow the RF signal to pick up the fob but thick enough to still be THE WALL. Inside a house or office the wall hiding the keypad face would be drywall or plasterboard as is called in some places. But on a BRICK exterior though? Hmm, a thin fake brick tile in front of the keypad hidden inside a recess in the wall? You can test this by placing a ceramic tile or piece of plasterboard in front of the keypad and try to trigger it with the fob. See, that is the idea I have to resolve the OBVIOUS device next to a door conundrum I am having in a bad neighborhood where break ins ARE prevalent. The door and prison lock then become real secure if the thief can not SEE a keypad or keylock switch to try and tamper with. And yes.. a controller placed in a secure location is key here lol! I have read some keypads with RFID sensors, allow you to remove the RFID sensor part and place it remotely some where to trigger the keypad too, but without the keypad electronics being present at the remote location, without having to buy some expensive networked access control system to achieve this. The manual PDF states you can place the plastic RFID sensor that just has the 2 wires attached to it, to say the outside of your front door with the keypad on the inside in a secure location. The keypad is made of plastic too so that makes sense no? BUT, can you HIDE the sensor behind say plasterboard or a thin brick and have it still work? THAT is the experiment I am wanting you to try since you DO have a keypad like that. Shoud be simple and real quick to know if the RFID signal is strong enough to pick up through tile, brick or plaster or wood panel.
Unfortunately I can't really test much with this since I'm currently using the power supply for another project and the rest of the parts are stored away although I imagine it's very dependant on the reader and fob used as to how strong the signal is. That said, a properly designed system with a reader that has a purely digital interface to a securely stored controller should be totally secure and can't be tampered with from the reader. Systems like these are commonly deployed in many high security applications such as datacenters without issue. I can't imagine hiding the reader to have any real benefit from a security perspective. You'd also realistically need some sort of manual override in the event of a system failure (either to cut power in the event of a fail safe lock or some sort of manual key lock if a fail secure lock is used). This is likely to be a much more likely plan of attack, the average burglar isn't going to be attempting to exploit a controller through an externally accessible digital connection.
Additionally, in high security environments it's important to have multiple factor authentication, you'd usually have both a key fob/card and then have to enter a PIN into the reader. This prevents people being able to use stolen/cloned cards as they won't know the PIN. Therefore you'd need to have an accessible keypad to enter the PIN.
Then again you do realise that they could have a normal door lock and they're only using this is a second-hand solution
They could and assuming you'd need to use both locks or if this is only used as a sort of basic form of access control when the main lock is unlocked then it's not necessarily dreadful assuming the risks have been considered. The issue is people fitting these in situations where they're the only form of lock on something that should be kept secure. I've seen these things used on "secure" car parks and doors to apartment buildings as the primary lock.
@@camerongray1515 I get what you're saying because there are some access control systems that are lot more secure for example Paxton net2 access control uses proximity readers and proximity fobs and it's configure the on a PC which I think is pretty cool what I'm going to be getting for my shed is a Paxton switch 2 controller to use on my shed but I also have a padlock installed on the shed door which makes it extra secure
Yeah, those systems do it correctly by keeping the actual brains that control the lock in a secure location so if someone were to remove the reader, there's not much they can do as it's a digital connection. I've used Paxton net2 briefly in a commercial office (although admittedly just to enrol a card, I didn't actually install it). My fear with the cheaper systems like the one shown in this video is that people see the Paxton systems in use in commercial settings then see the cheap devices on Amazon and think of them as being the same thing.
power outtage will no matter what make the entire system non powered and wouldnt be magnitized anyway.
He’s jumping the relay. This could be done on a lot of systems. Even expensive ones.
A high end system will have the digital processing logic running on a controller in a secure location, on the outside of the door you would have a dumb keypad that would send a digital signal to the controller containing card information/pressed buttons. If an attacker were to remove the keypad, all they would have access to is this digital connection which can't simply be shorted out. With the system shown here, the system simply sends an open signal directly to the relay which can be shorted out easily.
Jeeze... this is too easy to hack lmfaooo. Thanks for this video... have 2nd thoughts in getting this. This is why I hate company's design system, it's best to use all pure software, fully custom centralized system where the software reads all inputs. These are know as ur Arduino lock systems which is much safer than standalone systems.
You have to install this particular keypad module with the screw hidden from a person like yourself digging around there, obviously. Any professional knows this and would install the keypad flushed to the wall. But I have to agree, the screw right beneath the keypad is really stupid, using an ordinary Philips screw some, effort should've been given by the company to make it difficult to open easily. It's going to be really tricky to hide that bottom side screw and making it legitimately hack proof.
The issue is greater than just the screw, even if the keypad was mounted flush, it could still be destroyed by hitting it hard enough which would expose the wiring. The way this should be done (as is the case with professional systems) is that the device on the outside should purely read card details and key presses and send these over a digital connection to a device on the "secure" side of the door which checks the code/card and operates the lock. With this, even if the card reader is totally ripped off the wall, all an attacker will have access to is this digital connection which can't simply be shorted out to open the door. The worst that could be done would be to attach a device to this digital connection to brute force a code but even this could be resolved by using encryption across this link.
I had to check my playback speed to make sure you are not on 2x...
IM GOING TO USE IT FOR A HIDDEN DOOR
gg my home feed
no sense video, the access controller must be in the indoor , the magentic lock too. An slave reader is settle al the outdoor.
This system doesn't have any sort of ability to use a "slave reader" and it clearly is designed to have the keypad on the insecure side of the door and the push to exit button on the secure side which is the issue. The way to do this correctly is to have an access controller where the actual processing is carried out by a device in a secure location which is connected to a dumb keypad on the outside of the door over a digital link. IMO there is no way to install the system shown in this video without it being vulnerable.
I'm NOT going to watch this video. I know you are going to talk about the lock relay being in a Keypad or reader available to anyone that is on the Unsecured side of an access control point. YOU get what you pay for!!!!!!! If you want to post a 32 minute video about defeating a CHEAP access control system go ahead. I am a professional security technician. I can assemble a door that I promise you that You CANNOT defeat.
It's not like I forced you to watch the video... The point is to demonstrate the issue to people who don't understand the security risk of such locks and end up using them where they're not suitable. It's not like I'm trying to act like some sort of security defeating god... No need to flex that you can assemble an undefeatable door, I'm not saying that I can defeat anything that's designed properly!
@@camerongray1515 Gotcha.
ARE YOU SPEAKING IN ENGLISH?