New York City Apartment Residents Sue Landlord Over New Smart Locks [Updated]

from the cutting-your-night-short-because-your-apartment-key-is-dying dept

UPDATE: A spokesperson for Latch sends the following message, clarifying that the locks at the center of this lawsuit do not require a smartphone to open (emphasis in the original):

The residents of the building in question were given keycards to access the locations where Latch was installed to specifically negate any resident needing to have a smartphone app to unlock the building’s doors. (As you likely know, keycards and key fobs have been a common method of entry for decades.) Latch is sensitive to the different preferences and routines of its users, which is why it offers users three methods of entry—residents can use the smartphone app, a doorcode, and a physical keycard. Latch is the only smart access system that provides all three of these methods.

Nothing like rushing home to put your phone on the charger only to realize you can’t get into your own apartment without a charged phone. Getting into locked out of your own place: there’s an app for that. Maybe the app — and the smart lock it engages with — works fine 99% of the time. The other 1%, however, will see you locked out, even after performing an interpretive dance with your emotionless partner.

The Software Shuffle:

If your Latch App is unlocking from too far away

1. Navigate to ‘My Profile’ in the left menu

2. Change the ‘Unlock distance’ to ‘Near’

The Latch device is not unlocking when I hold my phone close to it

1. Navigate to ‘My Profile’ in the left menu

2. Ensure ‘Hold-Near to Unlock’ is on

3. If problem persists, change the ‘Unlock distance’ to ‘Nearest’

The Hardware Hustle:

The numeric LEDs are not lighting up when I touch the Latch Lens

1. Ensure you are tapping the center of the Latch Lens to wake it up

2. Tap with the pad of your finger to ensure the Latch Lens registers your finger. Sometimes small fingers or the tip of your fingers do not register on the Latch Lens

3. Power reset the Latch device by removing the batteries or in the case of Latch R, resetting the power to the Latch R


The Latch Smart Lock — pictured and detailed above — is at the center of a recent lawsuit filed in New York. Residents of an apartment complex whose main entrance lock has been replaced with the unblinking Latch eye are suing their management for making their lives more difficult.

A group of tenants in a Hell’s Kitchen apartment complex say they are being locked out — by technology.

And now they are suing their landlord for the return of their low-tech keys to the front lobby.

“It’s ridiculous that everyone is spending all this money to go to court just to get a key,” said Mary Beth McKenzie, 72, an artist who has lived in the West 45th St. building for nearly five decades. “For 45 years I’ve had a key. And now, we can’t get keys.”

One longtime resident — a 93-year-old man — has decided to become a shut-in, rather than wrangle with the tech. There’s still a standard lock guarding another entrance to the building, but it does not provide access to the elevator. Three flights of stairs isn’t really an option, so he’s chosen to forgo venturing out of the building.

In addition to limiting access to those with compatible smartphones, the new locks require tenants to sign an 84-page agreement with the manufacturer. The smart locks also notify landlords of tenants’ entrances by default. This “feature” can be turned off by end users (renters), but it really seems like something that should be opt in for renters, rather than opt out.

While building owners are given plenty of leeway when it comes to security, replacing physical locks with a smartphone-dependent product isn’t really the way to go. As ubiquitous as smartphones are, there are still renters who don’t own one. The thing about this case is that there’s still a regular lock in place. It’s just that the landlord won’t give tenants that prefer the old school approach keys for the lock.

The city’s Department of Housing Preservation and Development had previously slapped the owners of the building with two violations for capping the keyhole on the lock to the lobby door when they introduced the technology. The violations were removed last week following a second HPD inspection. The owners removed the cap from the lobby lock, but still did not issue mechanical keys to those tenants who asked for them…

Yeah, that’s not going to look good in court. The management company had a chance to make everyone happy. Instead, it chose to piss off a few tenants repeatedly.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “New York City Apartment Residents Sue Landlord Over New Smart Locks [Updated]”

Subscribe: RSS Leave a comment
Anonymous Coward says:

are suing their management for making their lives more difficult.

Tim, you forgot to link the original story. It adds some detail you didn’t mention: the hypothesis that this is a way to drive out rent-controlled tenants, some of whom are elderly and don’t have or want smartphones. That means it’s not ridiculous—it’s logical, though offensive.

A related problem is that landlords cannot generally modify lease agreements. Forcing existing tenants to enter into a contract with a third-party is probably not legal.

Anonymous Coward says:

Just wait until someone breaks in via the smart lock

I think I will have popcorn ready for the first smart-lock-abetted burglary. And no, it does not take 1337 h4x0r skills, or even script kiddie skills, to defeat most of the smart-lock products out there. Most of them are made in a consumer-electronics-y fashion that disregards the well over a century of accumulated physical security wisdom that today’s mechanical locks have available to benefit from, and as a result, can be broken into with basic hand tools and a trifle of knowledge and/or ingenuity. (Wouldn’t surprise me if most of them were easier to break than a stock Kwikset-clone…you at least need a rake and tensioner for the Kwikset!)

There are two rays of hope here, though:

  1. The Latch appears to be at least somewhat better made than consumer grade smart locks, although the R-series being in a card-reader position raises questions, as certain door fitment vulnerabilities are endemic to card-reader secured doors. (Ask Deviant Ollam about how often he’s able to latchslip card-reader doors sometime, or just watch his talk on The Perfect Door where he discusses this issue in some detail.)

  2. The Latch uses MiFare Classic — it wouldn’t surprise me if it could read a "dumb" access card that’s been configured appropriately to work with the system. With a bit of testing, this could be a good alternative for folks who don’t have a smartphone, or don’t use it for NFC, but have no choice but to deal with a system like the Latch.
Anonymous Coward says:

Re: Just wait until someone breaks in via the smart lock

There are two rays of hope here, though:
The Latch uses MiFare Classic — it wouldn’t surprise me if it could read a "dumb" access card

The NYT article said the owner gave people such cards after being forced by the city. But is that really a ray of hope? Wikipedia says most access control systems switched from MiFare Classic to DESfire because that’s more secure, and DESfire was broken in 2011. "The attack… recovers the secret key in about 40 ms on a laptop. This attack requires just one (partial) authentication attempt with a legitimate reader."

disregards the well over a century of accumulated physical security wisdom

It’s not even that. As you say, at least a person needs tools to break physical systems. When a "smart" lock is broken, one could instantly publish an app worldwide that allows every similar lock in the world to be broken. Maybe a self-deleting app, so as to leave no evidence leading back to the criminals.

Anonymous Coward says:

Re: Re: Just wait until someone breaks in via the smart lock

  1. You do have a good point in that MiFare Classic is a fairly obsolete protocol at this point in time; it does mean that the Latch’s manufacturer at least is wiling to pay some lip service to open protocols, instead of rolling their own secret sauce, though.
  2. I was leaving infosec attacks on smart locks aside under the assumption that most folks of a criminal bent are going to stick with the tried-and-true. You are quite correct though that a devious black-hat could cause some serious ruckus by packaging a reliable smart-lock crack into a neat wrapper that doesn’t require ranks in Use Magic Device to operate.

Of course, all of this is only as good as the door installer…

Anonymous Coward says:

Re: Re: Re: Just wait until someone breaks in via the smart lock

most folks of a criminal bent are going to stick with the tried-and-true

Think of the next generation of criminals. Buy an exploit on a shady market (it happens now) and walk in like you live there. People are boosting cars and looting hotel rooms through electronic means.

Of course, all of this is only as good as the door installer…

If someone sees you sticking tools under the door you may get some trouble. (Admittedly, Deviant is already good at making physical attacks look innocuous, but he’d still have a bag of physical evidence if caught.)

ECA (profile) says:


Not what you think..
Im old/new hat…and watched this happen allot.
Someone thinks "THIS IS NEW IT MUST BE BETTER", is REALLY stupid.
Tech can be better, but 90% of the time it isnt.
Its like a DEAD BOLT LOCK, Digital password, but also has Keyway to unlock…WHO needs the passcode if you can get thru the Cheap Key way..
Then there is the Total digital that needs a code, Manually input, and it uses POWER to unlock the deadbolt..And wastes Power and never works if you didnt recharge the batteries..
Then there are good ones, that have Dont turn the deadbolt, last for over 1 year on battery, and Battery recovery, IF it fails..

There is the security system that requires Access to your router, BECAUSE nothing is saved to your System…WHICH if you are smart is a Small NAS, hidden someplace in the house..and costs you nothing.

Tech is simple if you have abit of knowledge, but companies Like to make products that Make THEM money for ever..

Anonymous Coward says:

Re: Re:

Who the hell is going to sit there and read that?

Nobody, but it’s not like you’ll see it on paper. You’ll see a textbox with an "Agree" button, and almost everybody clicks "Agree". I saw an automated bicycle rental kiosk with an agreement longer than that (the "pages" were only 5-10 lines long due to a cheap display… the "page 1 of 125" or whatever was comically absurd, but lots of people were putting their credit cards in).

What’s in it? I’d guess some privacy policy incorporated by reference, which says you have no privacy, and a statement that you’ll pay the company’s legal fees (i.e. indemnify them) if your insurer sues them for incompetence after a burglar steals all your shit.

That Anonymous Coward (profile) says:

Yeah @hacks4pankcakes on teh twitters had something similar to this happen.
It seems some startup got a large corporate landlord to switch all the buildings over to their super duper system.
You have to plug their special router into your internet…
You have to be okay with your landlord & the startup knowing when you are home, what temp your HACV is at, when people come and go…
Oh and the lock they are using has really bad reviews online…
Oh did we mention that there isn’t a mechanical part on the inside so you can end up locked in your apartment?
Oh and if the battery didn’t alert you, you can run out and buy a 9volt battery to connect to the external power connectors so you can get inside your home… & lets hope you have the right batteries inside to replace the dead ones otherwise… you’re not getting out.

Internet Infosec well known person took a meeting with ownership, laid out the issues… they are still rolling it out.
I wonder what their insurance costs are going to be once someone managed to hack this series of Internet of Shit devices mashed together gets breeched & entire buildings end up unlocked randomly.

John85851 (profile) says:

What happens during a black-out?

So what happens if there’s a neighborhood black-out? Does the Latch have a battery backup? If so, how long does it last? And if the power goes out and the Latch battery dies, will everyone be locked out? So how is this better than physical keys that have been in use for hundreds of years?

Okay, sure, I haven’t read the specs on the Latch, but this would be an interesting point to bring up.

Anonymous Coward says:

Re: What happens during a black-out?

So what happens if there’s a neighborhood black-out? Does the Latch have a battery backup? If so, how long does it last?

If management is any good, it will last as long as the building’s emergency supply for stairwell lights, fire alarms, emergency elevators, etc.—there are likely regulations about the required time. If they made the mistake of using a battery instead of a generator, UPS-style batteries can often run electronic entry systems for about a day, and then you’ll be propping the door open if there’s no doorman. (In this story, the electronic system is for the building entrance, and the individual units still use keys.)

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...