This reminds me strongly of an ex-employer of mine, whose response to a security vulnerability was inevitably "our customers won't do that". It's one thing to have a threat model, it is quite another to dismiss low-hanging fruit (and trust me, whatever "smart" lock you have is very low-hanging) as not a big concern.
This reminds me strongly of an ex-employer of mine, whose response to a security vulnerability was inevitably "our customers won't do that". It's one thing to have a threat model, it is quite another to dismiss low-hanging fruit (and trust me, whatever "smart" lock you have is very low-hanging) as not a big concern.