Jump to content

Set and delete PINs for locks via programs


fryfrog

Recommended Posts

Posted

Wait, what?

You can already set and unset PINs on the ISY, you just have to do it manually. I don't have any trouble doing this w/ my ISY and locks in their normal positions at two different houses.

 

I just want to be able to do it via program, so that a) setting 4 locks is simpler and B) setting / unsetting can be scheduled.

Posted

Seems strange that such a security exposure can be done that way.   if the locks allow it than they must not consider it an issue.

Posted

Hi fryfrog,

 

It's on our list but very low priority since, as LeeG suggested, it's a security exposure, very intrusive, and we have to make sure we don't do anything that cannot be audited and prevented.

 

With kind regards,

Michel

Posted

Okay so...

 

From a program I can *LITERALLY* lock and unlock a door. What additional security is there by not being allowed to set and unset PINs from a program? What would I do, set myself a PIN by hacking the programming on an ISY so that I can unlock the door? That doesn't make sense, because gosh... I can just unlock the door from a program.

 

Okay, so maybe you screw up your program and it sets or unsets your PINs? I wouldn't call that a security issue, but it would certainly suck. If you screw up the programming on one that has lock/unlock in it, you could *literally* leave your house unlocked instead of just messing with the PINs on it.

And it isn't the *lock* that allows PIN setting and unsetting from a distance (well, it is), you can *literally* set and unset the PINs on a lock from the ISY's UI. You just have to go to each one, click a button, put in the PIN, click another button, wait for it to say it worked.

But I do get that it is low on the priority list. It certainly isn't something that'd be used by a lot of people.

 

My *primary* best use case is that it'd let people keep PINs in sync easier and more reliably. They could write one disabled, scratch program that sets a user's PIN to a value either hard coded or in a variable, run it and then delete the PIN from the program. Now instead of 4 clicks *per lock*, it is hopefully just a couple (depending on what the programming allowed). A big time saver, if you have more than one or two locks and find yourself making PIN changes with any regularity.

 

Second best use case is scheduling of PINs for locks that don't allow scheduling. Want to only let the maid in on Thursday and Friday? Disable the PIN Sat - Wed. Want to give each of your AirBNB customer's their own unique PIN that only works for the time they are there? Program it!

Have I missed something that you guys are talking about wrt "security" being an inhibitor for this feature or have you guys just improperly grok'd it?

Posted

Someone could lock you out. On the other consideration, low priority simply means that there are more important tasks to accomplish. It doesn't mean that it's not a good idea.

Posted

I totally accept it is low priority, but it should be low priority because it isn't a feature that would benefit many people...

 

Not because it is a security concern. If the batteries in your keypad die, you'd be locked out of using your PIN too. And if someone could lock you out by *programmatically* changing your ISY, they can *also* lock you out by *manually* changing or disabling the PIN using the ISY because you can *manually* do this now, just not via program.

But again, hardly anyone would benefit from this feature so I'm totally fine w/ it being low priority and I'm glad to see it is at least on a list somewhere. Looking forward to all the stuff in 5.x that far more people would get use of! :)

Posted

But again, hardly anyone would benefit from this feature so I'm totally fine w/ it being low priority and I'm glad to see it is at least on a list somewhere. Looking forward to all the stuff in 5.x that far more people would get use of! :)

 

I'd certainly benefit. Our walk-in gate and driveway gate both allow me to manually program a code for 1 to 8 days. The code then disappears. I'd like to be able to do that with house entry locks B)

Posted

I'd certainly benefit. Our walk-in gate and driveway gate both allow me to manually program a code for 1 to 8 days. The code then disappears. I'd like to be able to do that with house entry locks B)

 

Hey now, that is a fantastic use case.

Posted

 

 

Someone could lock you out.

I don't know about anyone else, but I have an old fashioned key for circumstances like this, or more commonly a flat battery.

Posted

Actually, we do have keys-and more than one entry B)

  • 1 year later...
Posted

This is a rather old thread but it looks like there is still no way. I would certainly benefit from this feature.

Edit: It looks like you can do it with the REST API. Investigating that now.

Double edit:

Works with the REST API:

Example for others:

 

curl http://admin:ISYPASSWORD@ISYHOST/rest/zwave/node/DEVICEID/security/user/1/set/code/1234567

 

Posted

As somebody pointed-out the other day, you can use the Network API to send requests to the REST API. It's a strange round-about technique, but it has some use cases!

 

I will mention this possibility to a friend who has several apartments he AirBNBs.

 

 

Someone could lock you out. 

 

Friend I mentioned above had this happen. Just not with a home automation hack.

 

He was working on an apartment, and left it with no cylinder in the lock. So, anybody could walk in.  While he was away to get some parts, a homeless person "moved in".

 

But they were a security-conscious homeless person, and handy to boot. They broke in to another unit, took the cylinder from the lock, and installed it in the lock of the apartment they'd moved in to. I guess they preferred the first apartment!

 

My friend came back to continue work on the apartment, but could not get it. He called around to his resident manager, etc. to see if somebody had installed the cylinder. Nobody had.

 

Then he noticed the cylinder missing from the OTHER apartment! He put 2 and 2 together, and entered the apartment with the key from the other apartment.

 

Fortunately, there was no confrontation with the homeless person. He had stepped out. But he left a note that he was "the new tenant", and that he would "return later to collect his stuff".

 

His "stuff" included his cell phone! Which was turned-in to police along with the rest of his stuff.

 

He came back later trying to get in. The police picked him up in the neighborhood around 2AM. Well, they knew exactly who they were looking for! ;)

Posted

This is a rather old thread but it looks like there is still no way. I would certainly benefit from this feature.

Edit: It looks like you can do it with the REST API. Investigating that now.

Double edit:

Works with the REST API:

Example for others:

 

 

I'm pretty new to z-wave and the rest API. Is that a generic interface to a lock you posted? I have the Schlage Connect, and I would love to be able to schedule key code access.

Posted

I'm pretty new to z-wave and the rest API. Is that a generic interface to a lock you posted? I have the Schlage Connect, and I would love to be able to schedule key code access.

 

No. It is the opposite.

 

It is an interface TO THE ISY.

 

It is included with every ISY - Network Module is not needed.

 

You can send a request from some external equipment (and easily test using a browser or command-line with cUrl) to the ISY to run a program, turn a device on/off, turn a scene on/off, etc. And may other things.

 

With the optional Network Module, you can send requests FROM the ISY to external equipment.

 

There is a hack, though, to send a request FROM the ISY TO the ISY. It will allow you do do some things that you currently can't do with a program. 

 

There are some things you can't do from a program (yet). Yet, you CAN do them by sending a REST request to the ISY. And you can send REST requests from a program. (If you have the Network module.)

 

So, the hacky way is to send a REST request from a program not to some external equipment, but to the ISY itself. 

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...