Episode 27: What We Learned From Getting Robbed
Technology and Tools to Help Prevent (or Recover From) a Burglary
photo by Matthew T Rader on Unsplash
Hi everyone and welcome back. If you missed Episode #26, that’s because you’re not a paying subscriber. That episode was about a new password manager that I love and am now using after being a dedicated user of LastPass for years. My new password manager is 100% free, 100% open-source, and works on all computers and mobile devices. Please: become a subscriber and support independent technology journalism.
Now, let’s move on to the meat and potatoes…
We got burglarized three weeks ago.
The thieves (we don’t yet know if it was a crew but I’m guessing it was) took two Apple computers and then fled our home. Three different homes in our townhome community were hit, all between the hours of about 2-5am. My wife, our 17-month-old son, and I were all in the house when it happened.
The same pattern played out in the other homes: the robbers broke in, grabbed small electronic devices along with any nearby wallets, and then fled. No one was hurt and it doesn’t appear that the thieves were interested in confrontations of any kind.
How They Did It
Each of the three break-ins that occurred used a different method.
In our case, we pieced together what happened, and - honestly - it’s incredibly embarrassing to share. That being said, I’d much rather be embarrassed and possibly help some of you avoid our fate than try to save face and allow the problem to continue.
To pull off our break-in, the thieves walked down the street and simply looked for cars that were unlocked. When they got to mine, they discovered that it was. They found my garage door clicker hidden in the closed armrest storage bin. Then, they walked behind our townhome, found the common driveway that we share with our neighbors, and clicked our remote until they found the door that opened.
When they entered our garage, they found that the door to our basement/media room was left unlocked. So, dear reader, these thieves literally walked into our home. My wife’s Macbook Air was on her desk. Our Mac Mini was on a shelf nearby on our media table. They grabbed both computers and power cords. Strangely, they disconnected all of the external devices from the Mini and left those behind including a 6TB external USB drive and a prosumer audio receiver.
Had they gone upstairs to the main floor, they would have found the lights on, and my MacBook Pro on the dining room table. They also would have had access to our wallet and purse by the front door. Perhaps they would have taken those. They did in the other homes they raided.
We now believe that our leaving the lights on (by mistake) might have scared them off. We also believe that our being awake at about 3am might have also scared them off. I was up to go to the bathroom; my wife was up a bit later because she’d heard our son. When she saw the lights on, she went downstairs to the main floor see if I was awake for some reason.
“David….?” she called out as she headed down our stairwell to the livingroom. “Are you down there?”
When she heard nothing, she cut the lights and went back to sleep. Is it possible that our unexpected actions during those early hours scared off further thefts from our home? We’ll never know for sure. But we do know that the same group of thieves DID go upstairs to the main floor in the other townhomes they raided. So, we’ll take the lucky break and just say we’re very grateful they didn’t come upstairs in our home.
What We Did Right
When reviewing what happened, my first instinct is to blame ourselves for what we did wrong. That’s probably normal. However, I think it’s also important to share what we did correctly. And we actually did a bunch of things correctly:
Once we pieced together how the theft had occurred, we touched nothing else and called the police and provided our computers serial numbers. A county Sherriff was out within 30min to take our statement and see about dusting for prints in our basement and around my car (he said there wasn’t enough to go on, sadly).
I checked online with our remote, offsite backup provider, iDrive. Sure enough, all but a few things from my wife’s Macbook Air had been backed up to the Internet. Huge relief there. That meant that her business was safe and that she’d still be willing to remain married to me :) Did iDrive save my marriage? No. But maybe. Thank you, iDrive.
Next, I logged on to our AppleID accounts and checked to see if the “Find My Mac” function could place the stolen computers. Not surprisingly, it couldn’t. The thieves would know to not place them online that quickly. I issued an erase command for both computers when they next went online. Apple has a knowledge base article on how to do that if you’re not already aware.
When our two Macs finally DID go online, those remote erase commands were issued and Apple sent me emails confirming this. I then contacted the detective assigned to our case and made sure he knew how to contact Apple to request IP information as a member of a law enforcement agency. Apple refused his request which might be the subject of a future episode.
Finally, we spoke to our insurance company, learned what our policy would cover, and ordered replacement computers. We got a new Macbook Air for my wife and a new Mac Mini for our media server. Insurance covered all but $300 of the new purchases.
So, not all bad. We chose the right backup software and used it correctly. We’d added our computers into our AppleID accounts so we could track and possibly find them and - if not - at least erase them. We also invested in decent insurance coverage which helped cover the cost of replacing the new computers.
We also left the lights on the main floor turned on. That was an accident, but - in this case - it might have been a very helpful accident. So, we’ll take it.
Fun Shortcut: you don’t need to log into your AppleID account on a computer to gain access to certain data. If you have an iPhone, you can open the Preferences.app and there - right at the top! - is a button I’ve highlighted in a red box (below and at left). Press that button, scroll down to the bottom, and there you’ll find individual listings for every Apple device you’ve added to your AppleID account. Opening any of these devices reveals their model, OS version, and serial number. Here, at right, is the info page for our stolen Mac Mini.
You’ll note that I left my serial number in plain site here. That’s intentional. If you can find this stolen Mac, I’ve got a fun reward for you. #NotJoking
Where We Need to Improve
So, let’s state the obvious: we clearly made some errors in judgment here. So, let’s take an unflinching look at what we overlooked and what we need to change. Let me start by saying this: we’re parents of a 17-month-old during a pandemic and have no safe access to babysitters, daycare, nannies, or grandparents/family of any kind. We’re co-parenting fulltime and we’re exhausted. If you know parents of young kids, you’ll understand what that means. If you don’t know parents with young kids, it’s probably because they’re too damn tired to leave the house and meet you.
While our exhaustion isn’t an excuse for what happened, that reality has now informed some of our decisions moving forward. These include:
I can’t leave my car unlocked. While I’ve been really good about locking my car, that night I forgot. That fact alone allowed the thieves to grab our garage remote and walk into our home. Yes, I know that there are cheap devices that can remotely unlock cars, but that’s not the point: I didn’t help our cause by leaving my car unlocked.
We’re no longer leaving our car keys or wallets by the front door. This is just asking for trouble should a thief enter the home. We got lucky this time (other neighbors had theirs stolen), so best to not let it happen in the future.
We’re putting our car keys into metal boxes. Newer car keys use a radio transmitter to lock/unlock car doors and, in some cases, even start the engine. That technology is known as Radio Frequency Identification or “RFID” and has a long-known, inherent problem: the radio signals can be intercepted and copied. The solution? Wrapping your keys in metal. This solution works because the metal prevents the key’s radio signals from escaping the metal enclosure. Go the cheap route and use tin foil or an empty Altoids tin. No, I’m not joking. Or, if you’re willing to spend a few dollars, buy something more tailor-suited for this purpose.
We installed smart locks on our doors and set them to auto-lock behind us. When you’re sleep-deprived, your brain doesn’t work well. We’re both sleep-deprived, so we needed a solution that made sure our doors were locked, even if we forgot. Smart locks from two different top-tier companies provided the hardware. I’ll discuss which products I purchased - and why - in the next section.
We’re never using a garage clicker again. We have a backup clicker, but I’m not going to reprogram it. Instead, I’ve reprogrammed the numeric touchpad system on the outside of the garage after the burglary and we’ll just use that. Does having to exit the car and tap in a code to open the garage door mean that we might get wet when it’s raining? Yes. But does that prevent someone from grabbing our garage remote and using it? Also, yes.
We’re bolting our garage door down at the end of the day. Our garage door is a convenience for us but that also makes it convenient for thieves. There’s a popular and easy way to manually open any remote garage door with a long wire or coat hanger. To prevent against that, we’re now using a sliding latch (see pics below) to ensure our garage door remains locked in the down position. That way, even if someone were to obtain our door code or use the coat-hanger-trick, our door remains shut.
The Hardware We Bought
I spent the better part of two weeks researching what was available and digging into details. I bought two, new locks for each of our entryway doors. Those two purchase, I feel, meet my criteria when purchasing any security product or service:
it helps increase my safety and/or security
it prevents others from gaining access to me or my information
it allows for some amount of automation
The automation I sought was auto-lock functionality. Since we’re exhausted parents who sometimes forget to lock our doors, I invested in deadbolt locks that would auto-lock themselves in case we ever forgot.
Second, I wanted to cover the possibility that we might forget our keys and lock ourselves out of the house. Therefore, the deadbolt locks I purchased are both equipped with programmable numeric pads in addition to the traditional key lock. These pads offer the ability to enter a numeric password to unlock the door without the need for a physical key. Even better, both models I purchased allow you to program a series of numeric passcodes, in case you’d like extras for the dog walker, baby sitter, or the kids.
Third, as most smart locks require batteries, I wanted products that allowed for quick and easy access to change them. Important note: smart lock battery packs last about 6-12 months but, eventually, need to be replaced.
Once the batteries die, functions like touchpads and auto-locking no longer work. Be prepared and schedule battery changes, in advance, in your calendar, and on your schedule.
Fourth, I wanted products that would be REALLY easy to set up and use. I’m an Apple aficionado, so my great preference is for products that are intuitive and don’t require a 75-page instruction manual to learn.
Lastly, I wanted to buy the safest locks available, so I invested in locks with an exceptional or above-average ANSI/BHMA rating. The ANSI/BHMA scale for deadbolt locks starts at a grade 3, the lowest, and runs up to a grade 1, the highest.
The Front Door
The finished installation on our front door
For the front door, I purchased a Schlage Encode Smart WiFi Deadbolt. At about $200, it’s a lot of money to pay for one deadbolt lock, but it’s on “best locks” lists from places like Wirecutter, PC Mag, CNet, Consumer Reports, and more. For us, it was worth it, considering what we got:
an ANSI/BHMA Grade 1 rating, the safest rating possible
a numeric touchpad for keyless entry
auto-lock functionality to lock the door after 30 seconds
a built-in alarm if the lock senses the door being jiggled
works with Alexa and “Amazon Key”
has a built-in wifi chip so you can, if you want, connect it to your home network without the need to purchase any other device or hub
allows you to lock/unlock the door from ANYWHERE via the free Schlage app
allows up to 100 unique codes which can be assigned to unlock the deadbolt
over 1,700 reviews as of this writing, with a 4.6 out of 5 stars rating
Installation & Setup
The Schlage was installed by a professional locksmith in minutes. That was because we already had a deadbolt lock and so no drilling or boring was required. For good measure, I had the locksmith make me copies of the physical key to unlock the Schlage in case we find ourselves outside with dead batteries.
Using the Schlage Home App - available for iOS & Android devices - is extremely easy. I created an account and, once in the app, added the lock by scanning the code on the inside back of the device. Once the lock was entered into the app, I joined it to our WiFi and updated the lock software, also called “firmware”. Super easy. Lastly, I used the app to activate the auto-lock mechanism, 1-touch-locking, and more which you can see below at left.
Otherwise, using the Schlage app is as simple as pressing a button to lock/unlock the front door. I can now do that from anywhere in my house or… anywhere in the world. Which is both cool and creepy. The app displays the lock status using individual colors and graphics which is shown below at center and right.
Possible Problems… and Potential Workarounds
There’s one, obvious problem here that my readers should have caught by now. A smart lock that you can control with your phone? That’s joined to your WiFi network?!? Isn’t that a security risk? What if someone hacks your WiFi or steals your phone?!
Right. All worthy questions. Fortunately, there’s a workaround for those who are more security-minded: don’t join the lock to your WiFi network.
During initial pairing with your phone, you’ll be asked to connect to WiFi. Don’t. Quit the Schlage Home app and then relaunch. You’ll still be able to finish the setup and manage your lock - including the settings for auto-locking and 1-touch-locking via the app. But without that WiFi connection, your smart lock, can’t be attacked via your home wireless network. You can still control your app via cellular.
“But David,” you rightly point out, “If you can control your home’s locks with your phone and your phone is stolen… isn’t that a security problem?”
Yes, but, once again: there’s a workaround. You can choose to not pair your smart locks with your phone. The Schlage comes pre-equipped with two 4-digit user codes which can be found on the inside back of the lock mechanism (shown below). Either of those codes can be used to open the Schlage Encode without a key. However, if you go this route, you sacrifice the ability to set an auto-lock feature, program any additional codes or control your lock remotely. If that’s more your jam, Schlage still has you covered.
The Basement Door
The finished installation on our basement door
For the basement door, I purchased the Kwikset 99130-003 SmartCode 913 Non-Connected Keyless Entry Electronic Keypad Deadbolt Door Lock. At about $90, this very capable lock has most - but not all - of the features as the Schlage lock on our front door. What we got included:
an ANSI/BHMA Grade 2 rating, so still great for residential properties
a numeric touchpad for keyless entry
auto-lock functionality to lock the door after 30 seconds
a cool tool called a “Smartkey” which allows you to re-key your own lock for use with other keys you already own
allows up to 16 unique codes which can be assigned to unlock the deadbolt
no network connectivity, so no need for a smartphone app or wifi set up
nearly 2,000 reviews as of this writing, with a 4 out of 5 stars rating
Installation & Setup
Our Kwikset lock was installed by a professional locksmith on the same visit. Installation took about an hour because our basement door didn’t already have a deadbolt lock installed, just a handle lock. That meant that the door and the doorframe needed to be drilled and bored to allow the lock to be installed and function properly. I’m handy… but not that handy.
Once the deadbolt was installed, the locksmith used Kwikset’s SmartKey to re-key our new deadbolt lock to match the existing lock on the door handle. It took, maybe, a minute, if that. Kind of astounding, really. I then programmed the deadbolt to auto-lock after 30 seconds by flipping a small dip switch on the backside of the lock, the part on the inside of the closed door. Access to this switch and to the lock’s battery pack is gained by unscrewing three small screws. Simple.
Finally, I programmed one of the lock’s sixteen numeric passcodes. I was easily able to do this by pushing the program button on the lock, located just by the dip switches. 30 seconds later, we had our first, working numeric code programmed and a deadbolt that auto-locked after 30 seconds. Very easy, indeed.
Bonus “feature”: because this lock isn’t a smart home device, it never goes online and can’t be controlled with a smartphone, tablet, or computer. Good: that’s one less device in my home that someone can hack from a distance.
Possible Problems… and Possible Workarounds
Only one, small hurdle. You need to remove the cover on the inside of the door portion of the lock. that cover is secured in place with three screws: one on each side and a third on the bottom which is hard to get. So we just left that off after programming the Kwikset.
There are, of course, other things we might get that might help deter future thieves. Only, we’re not getting a dog anytime soon with two cats already in the house. We might consider an alarm system but, our townhome only allows for a few ways in, so that might be overkill. In the meantime, the Schlage has a small alarm built-in which is fine for now. And we could - like every other good American - get a gun. I’ve actually thought about it. But I’m not ready to make that decision.
We did decide to upgrade the metal plates into which our new locks slide. These are called strike plates and you should get the more secure versions of the ones you probably have. It’s a very cheap way to upgrade your door security and make them kick proof.
Lastly, I think it’s important to share that being burglarized - while my family was at home and asleep - stirred up a lot of feelings: anger, fear, powerlessness and more. I’ve come to understand that this is 100% normal and will take time to pass. That’s OK. Doing all of this research and sharing all of our home upgrades with you has been, for me, part of my healing process.
If I can help even one of you to prevent a future burglary, then I’ll consider this longer episode I’ve written a grand success.
And that’s a wrap for today’s episode, everyone. Thank you again, for reading and for being a subscriber. Let me know your thoughts & questions in the comments section. All subscribers can read & leave comments.
As always… surf safe.
Click here for my guide on how to choose a privacy-focused VPN.
If you’re looking to set up a VERY secure iPhone, click here.
To learn how to remove your personal data from the web, click here.
For a super cool way to NOT give your personal email address to everyone, click here.
Click here for a crash course on how to keep your devices updated.