Yale Assure Lock 2
From Wiki-IoT
Classification
| Yale Assure Lock 2 | |
|---|---|
| Classification | |
| Grade | A- |
| Calculator version | 1 |
| Classification date | 2025-10-09 |
| Information | |
| Name | Yale Assure Lock 2 |
| Brand by Parent | Yale by ASSA ABLOY Group |
| Generation | 2nd (successor to Assure Lock) |
| Model(s) | YRD256 (with Z-Wave), YRD256-CN (for specific regions) |
| Release date | 2020-08-01 |
| Type/Category | Smart Door Lock |
| Website | [1] |
| Status | In sale |
| More | |
| Dimensions | Front Panel: 4.5 x 2.7 x 1.1 inches; Back Panel: 4.5 x 2.7 x 1.1 inches |
| Mass | 1.36 kg |
| Operating system | Custom embedded system (compatible with Z-Wave, Wi-Fi via bridge) |
| Companion App | Yale Access App (iOS, Android) |
| CPU | |
| GPU | |
| Memory | |
| Storage | |
| Battery | |
| Power | |
| Charging | |
| Display | |
| Camera | |
| Sound | |
| Connectivity | |
| Device | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Known hardware tampering | None | [2] | Physical tampering triggers audible alarms and sends notifications via the app. |
| Known vulnerabilities | Rare | [3] | Yale releases firmware updates to address vulnerabilities (e.g., CVE-2022-26144 fixed in 2022). |
| Prior attacks | Rare | [4] | Limited public cases of attacks, with security risks primarily mitigated by proper setup (e.g., strong admin codes). |
| Updatability | Very common | [5] | Firmware updates require a compatible bridge (e.g., Yale Connect Bridge) and are pushed via the app. |
| Category score | 2 | ||
| System | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Authentication with other systems | Partial | [6] | Works with Z-Wave hubs, Apple HomeKit (requires separate bridge), and Alexa/Google Assistant via compatible hubs. |
| Communications | Encrypted with up-to-date encryption | [7] | Local data transmission via Z-Wave uses AES encryption; cloud communications use TLS. |
| Storage | Encrypted with up-to-date encryption | [8] | User codes, activity logs, and device settings stored on Yale servers with encryption. |
| Category score | 2 | ||
| User Authentication | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Account management | Full | [9] | Manage user codes, device sharing, and activity logs via Yale Access Account. |
| Authentication | Secure | [10] | Log in with Yale Account; 2FA (SMS/email) available for account protection. |
| Brute-force protection | Exist | [11] | Locks out keypad after 5 consecutive incorrect user codes to prevent brute-force attempts. |
| Event logging | Access event logged | [12] | Records lock/unlock events, user code usage, and tampering attempts in the app. |
| Passwords | Require change after setup with complexity requirements | [13] | User codes must be 4-8 digits; admin codes have higher security requirements. |
| Category score | 1 | ||
| Grade | A- |
|---|
