
Lockitron (YC S09) Lets You Unlock Your Door With Your Phone - RyanAmos
http://techcrunch.com/2011/05/13/lockitron-lets-you-unlock-your-door-with-your-phone/
======
corin_
I love the idea, but I don't think I could trust myself with it. Generally my
phone will still have a healthy chunk of battery left at the end of the day,
but fairly often, if I'm out of town for a day for meetings or whatever, by
the time I'm back home I will have spent so much time on calls that it will
have completely drained my battery.

One feature I'd love to see is connecting it with the doorbell, then I would
forget about my battery worries and go straight for it. Would come in
occasional use for if someone you're happy to let in arrives while you are
out, but would also be great for day-to-day use. They press the buzzer, you
get a phone call to talk to them followed by the option to let them in or not.
(Where I live right now, my office is two floors up, it's pretty rare that I
can hear anyone at the door.)

edit: The FAQ page is a bit vague about international orders due to "latency
issues", any chance of some expansion on that? To my mind, a long distance
(say, UK to California) is adding less than a second of latency, and I
wouldn't have any problem if the door took a couple of seconds to unlock. But
maybe I'm misunderstanding the problem latency causes?

~~~
wheels
Stash an extra charger cable outdoors? I wonder if that could eventually be
worked into the product somehow; i.e. a DC current where there's a recessed
spot for an adapter...

~~~
astrofinch
Hm, but phones still break a fair amount more often than keys...

------
extension
Neat idea, but it seems to me that you absolutely must hide the backup key on
your property for this to be safe. There are way too many points of failure
between the phone and lock.

Why not have the phone talk to the lock through the local wifi? Or put a
wifi/bluetooth radio right in the lock? That should be more dependable and
faster. Is that what you are talking about here?

 _"if you would like to access Lockitron only via your local network, then we
welcome you to flash your base-station with a new image that gives you full
access to develop as you see fit (coming soon)"_

Or, you could communicate via QR code on the screen, using a camera in the
door (that doubles as a remote peephole).

Or, you could encode the data as high-frequency sound and use the speaker/mic
for two-way comm.

There are all sorts of possibilities that beat going over the internet.

~~~
paulgerhardt
>>Why not have the phone talk to the lock through the local wifi?

The easy way to do this was susceptible to a number of different attacks so we
disabled it. The hard way is being sorted out.

>>Is that what you are talking about here?

Sort of. If you buy the equipment, it's yours to hack...this includes
expanding functionality to support eccentric authentication mechanisms. I'll
post some stuff to our blog in the coming weeks to give you an idea.

------
anateus
Really killer for things like providing access to Airbnb guests without having
to be there.

~~~
proee
They should add a keypad as well for people without a phone. Keypad code gets
set automatically for each Airbnb guest and expires automatically. This of
course requies the Airbnb space to have an internet connection.

~~~
dandelany
How many Airbnb users do you expect to not own a mobile phone?

~~~
quadhome
I often don't have a mobile or mobile number when I enter a foreign country.

~~~
ccamrobertson
We don't have the perfect solution to this yet, but we've been mulling the
idea of key code locks for a while.

Current users who encounter this usually find some way to unlock their door
for their guests after a phone call, leaving keys inside. The prevalence of
affordable prepaid phones is helping to alleviate this issue.

------
xentronium
> While the Lockitron locks do accept traditional keys, the main advantage of
> using the same technology as found in car key fobs to open your front door
> is that everything is in the cloud (your data is encrypted).

> main advantage [...] is that everything is in the cloud (your data is
> encrypted).

What? Someone is trying to feed me buzzword soup again.

~~~
codeup
Buzzword soup yes, but it's oversalted (once again).

I fail to see any advantage in having my front door "keys" stored in the
"cloud".

~~~
nagrom
The advantage is that (theoretically) you can't lose them, you can grant and
revoke access permissions at will based on time limitations and you can share
them very easily. See other comments on the thread about airbnb for example.

~~~
corin_
Really you could have that benefit without using remote servers at all, just
run a local server at home. After all, if your home connection dies, your door
can't be unlocked by 'the cloud' either.

~~~
nagrom
That's true - but you probably don't grind your own flour, service your own
car, run your own bank or make your own furniture. Why run your own server?

~~~
corin_
Awful examples. Running your own server for this wouldn't have to mean
learning to code your own firmware for their hardware, it wouldn't even have
to mean being tech-savvy enough to install something like apache.

Lockitron could chose to release their hardware with that already done, so it
plugs into the router and is ready to go. In that case, there are no benefits
of the cloud, and the downside that it adds an extra possible point of
failure. An example that would fit your comment, but not your theory, better
is "you probably don't run your own router control panel web server". How many
routers want you to control them through their manufacturer's remote servers,
rather than just having an HTTP server built in? And is that in some way as
time-consuming as grinding your own flour or making your own furniture?

Sure, as it stands right now, you might not be able to buy a Lockitron device
and run it yourself quite as easily as using their servers. But this chain of
comments isn't discussing "which choice should buyers make", it's "is their
use of buzz words justified when they say _'main advantage [...] is that
everything is in the cloud'_ ", and frankly I don't think that's an advantage
over a system where all devices run their own servers.

~~~
nagrom
Sure there are benefits. The keys are backed up remotely and you have access
off-premises. If anything goes wrong, presumably you can call up tech support
and they can access the system without your opening ports on your router or
messing with a firewall. It could make administration (and reliability) much
better.

They may not be benefits that you want, but they're the benefits that
Lockitron are stressing.

(Personally, I'm happy with a key and, FWIW, my parents don't run their own
control panel on their Vodafone local cell-network box - they call up the
service people and they access the box remotely. So I can happily agree with
your comparison too, if you like.)

------
tytso
I'm not that happy that the lock has to communicate with a central server. For
one, that adds all sorts of dependencies (the internet, central service, etc.
have to be up for the unlock command to work). For another, what if there is a
security compromise of the central server?

I'd much rather have a system where the lock uses an NFC sensor and a CPU, and
it works with phones that have NFC. Yes, you wouldn't be able to do remote
revocation (you'd have to be standing in front of the lock to send an updated
CRL), but it would be a lot more secure, and it avoids dependence on a central
server.

------
rdl
This is great (and would be nice if it did cars and worked with HID office
keys, too).

I would be a lot happier with a single RFID tag per user (globally; it could
be your phone with NFC, or a $0.05 tag) which could be remotely added or
removed from the ACL on doors (use zigbee or even a 3g chipset built into the
door; it only updates infrequently).

That way you don't need to pull your phone out in a dark alley and hit a
button to unlock the door, and if your Internet connection is down (or power
is out), the door can still unlock.

You could hack this up with the Schlage locksets and new firmware.

I guess it's a question of feature prioritization: no keys at all but a
clunkier UX with less features, or a single RFID tag with lots of other
benefits.

~~~
18pfsmt
Austrian RFID (ISO 14443) company Legic has had a deal with Schlage for a
while. And Swedish lock company Assa Abloy ($B conglomerate) also owns HID
(and its numerous subsidiaries), which pretty much dominates RFID-based access
control, and has had a solution in place for at least 3 years that I know of.

Edit: Legic is Austrian, not German. Fixed.

Edit 2: I was obsessed with this topic in '06-07 as the RFID startup I worked
for struggled to maintain relevance as each use case for RFID proved pathetic
ROIs vs existing solutions. I left when it was clear NFC/ payments was the
only viable strategy and the startup was unwilling to drop the other verticals
and pursue NFC (which is only now about to become viable).

~~~
rdl
Yeah, the value is in having a decent API, easy self-install lockset for homes
and small businesses; HID type stuff is almost always professionally
installed, requires wiring to the door, etc. The legic/schlage system has
really bad software, and the service is lame, too -- bad enough that I bought
one and didn't install it on an exterior door.

I like the hacker aesthetic of lockitron, but want the robustness of the pro
stuff too. Although if they do NFC tag reads in the lockset, it wouldn't be
too hard to work as a simple internet-programmable RFID lock.

~~~
ccamrobertson
Thanks for the idea! I wouldn't be surprised if we move in this direction.
People love their fobs, but provisioning for temporary access on the big
access control systems is a pain with current panels.

The big issue is, of course, hardware development cost in getting active NFC
into the locksets. Some of the high end hotel & commercial locksets from Assa
and Schlage are adding NFC capabilities, but I suspect the software is plagued
by the same, traditional problems.

~~~
nupark2
The current software is bad, but you must realize that we don't want off-site
"cloud" software for our office doors. What happens when your servers go down
(or our internet goes down) and we ... what, send people home? Prop the doors
open because our door unlocking service provider is down?

What we want is reliable software that we can own, run locally, _integrate
into our existing systems_ , and maintain in the event of failure.

~~~
rdl
Actually, for commercial users, what would rock is something which could do
LDAP and integrate with real-ldap or Active Directory for access control;
taking it away from a weird outsourced system or standalone old windows PC and
integrating with the regular IT infrastructure.

This already happened with PBXes; next, it should happen with access control,
and then with building management (HVAC; imagine if logging into your
workstation allowed you to have programmed lighting/heating controls for your
work area happen automatically; especially useful if you work at night or on
weekends in a big office)

~~~
nupark2
I very much agree. Having something that could drop into our existing
directory system is exactly what I was thinking; the standalone Windows PC is
what needs to be retired.

------
aberman
I live with the founders so I've had Lockitron for about a year. in my
unbiased opinion: it's absolutely amazing especially if you have a lot of
house guests (hacker sleepovers).

~~~
busted
I'd be interested to hear what kind of backups the founders have. My biggest
worry would be what do I do if something happens to my phone while I'm out:
broken, mugged, or even just the battery died. It would suck if on top of that
I couldn't get into my own house. Do you guys still take your keys with you,
or keep a spare around?

------
tomjen3
Hmm this seems to me even more annoying than keys - why phone is bigger and
more difficult to get out of my pocket.

On the other hand the little RFIDs are absolutely awesome to open doors with,
try to use them instead (they are cheap enough that it doesn't matter).

~~~
yan
I'm not looking at it that way. Keys are just another thing to keep in your
pocket, but your phone is always with you. The way I carry stuff in my
pockets, my phone is always more readily available than my keys so taking it
out is a natural motion.

You can, however, argue that taking out your phone, launching the app, and
clicking a button is as an aggregate action more involved than just inserting
and rotating a key. I think the real benefits become apparent when you realize
all the stuff this enables you to do: your spouse/friends no longer get locked
out, you never have to do the "did I lock it or not?" dance, and if they
provide an API, you can sync a lot of stuff when your door opens, like turn on
appliances, trigger a network setting, boot your computer, text your friends,
anything really.

~~~
tomjen3
Yeah but all of that could be done from a phone if the house was locked with
an RFID tag (and they are cheap enough that you can hand them out more or less
like candy, since they are about that price).

As for not locking the door, that is definitely a problem (as is, as I have
also done, unlocking the door and leaving the keys in it) but I have never
really been in doubt that I locked the door, even if I hadn't.

------
maxklein
Another idea that will fail based off the user interface. Keys are too slow.
Opening the door with your phone is even slower. I prefer to carry a second
faster key than have this in my pocket and then click slide, start the app,
wait for it to connect, then open the door.

~~~
pclark
You are missing that this is not necessarily aimed at regular home owners.
Imagine offices, rented accommodation or as a secondary lock for homes. Being
able to offer and revoke keys over the air is huge.

This isn't disruptive to household locks, but to the high ticket price door
entry systems.

~~~
maxklein
But then why mobile? Why is it not just a web based app if it's meant to
manage a large number of locks? Mobile is not a convenient interface, apart
from things that need to be mobile.

~~~
pclark
What other devices would be an appropriate replacement for a key other than a
mobile phone? (or do you mean a mobile web app?)

eg: using keyfobs = a) regularly lost, b) regularly forgotten, c) small
expense every time you give to people, d) never get them back.

~~~
maxklein
It's still pointless. The current key-system is a low tech, simple system with
few associated costs and no major pain points. It's also a system that is
strongly in place already. The Lockitron is a complicated system with many
moving parts that will break every now and then, and that has no clear target
market, and it's more expensive than current systems.

If the makers get it to work, I'd be happy for them, but my estimation is that
it's going to be dead in a couple of years.

~~~
pclark
You're being remarkably negative ;)

There are numerous problems with the market, that IMHO, Lockitron is attacking
(which is not the residential market)

Why wouldn't ever office to lease use this over elaborate and expensive key
entry systems?

~~~
nupark2
Offices use RFID key fobs with local, dedicated hardware. An internet
connected mobile phone based entry system is too complex, and will have
particular difficulty integrating into the existing supply/service chain for
these kind of systems.

We really, really don't need mobile phone based key unlock systems. I een
considered building one for our home, but diacarded the idea due to the user
experience complexity of having to use my phone instead of a simple key (but
still carrying a key in case of failure).

As for Airbnb users, all you need is a programmable keypad (or an RFID entry
system.)

This is a solved problem.

------
jessriedel
I like the idea, but I'm not paying a subscription fee for the doors to my
house.

~~~
sorbus
Read the article: "a one time fee of between $295 to $500."

And from their website: "starting at $295 with no monthly fees for our basic
service."

~~~
nedwin
Though if you want the text option it's $5 per month.

------
kapilkale
I bought one for my father, who tends to be OCD about locked doors, and he
absolutely loves it.

------
proee
This is great feature for the fact that you could potentially lock ALL doors
in your house at once. For people with 10k square foot house, this could save
a lot of footwork before heading out to town.

------
LogicX
Anyone know if there's a similar internet (wireless?) connected deadbolt with
a keypad -- such that you can create multiple valid keycodes on a schedule,
and receive logs back regarding accesses?

~~~
apperoid
AFAIK Schlage offers this kind of service.

------
darraghbuckley
We use one at the office - couldn't be happier with it. Great product!

------
palish
So... What about security?

Would it unlock the door if I captured packets sent by the phone, then
replayed them later? (Would that be difficult to do? I've never done it.)

~~~
paulgerhardt
>>Would it unlock the door if I captured packets sent by the phone, then
replayed them later? (Would that be difficult to do? I've never done it.)

The short answer is no. The long answer depends on how many packets you
capture. See also:
[http://www.mozilla.org/projects/security/pki/nss/ssl/draft02...](http://www.mozilla.org/projects/security/pki/nss/ssl/draft02.html#D.3)
(Section D.3)

We've gone to great lengths to ensure any additions are pareto-secure.

------
tealtan
Really cool idea, but I think any system like this needs to have a fail-safe
option, for when your phone runs out of batteries.

~~~
armored
Uhh, it uses a standard key as a failsafe.

~~~
mdolon
What's the point of unlocking with my phone if I have to carry my key around
in case my battery dies?

~~~
dangrossman
Hide the key on the property or in your car. You don't have to carry it around
with you.

~~~
xentronium
> Hide the key on the property or in your car.

I thought enough people knew by this time that storing all your passwords in
plaintext file on desktop is insecure. Why do you even need a phone if you
have a key somewhere on the property.

~~~
dangrossman
You need a phone to make and receive phone calls, among other things. That's
why you already have it. You don't need the key for anything but opening your
front door. The point of this device is to obviate the need to carry that key
all day for that single moment it's needed.

Nobody's going to find your emergency spare key if it's left in a non-obvious
place; there are no rings of thieves with metal detectors scouring half acre
properties.

------
christonog
This works if you need to give friends or family access, but what about taking
it one step further by using a finger print scan + security PIN? Trying to
fiddle with your phone from your pocket and opening an app or sending a text
message can be just as cumbersome as looking for your keys.

------
ImperatorLunae
My gut reaction was "this is useless."

Then I actually thought about unlocking my door with my phone. This is a great
idea.

------
picasso81
This app is brilliant! Congrats guys.

------
whereareyou
Wonderful gadget. Once the hardware evolves into something prettier I am all
in! I am excited for a future when my phone, or just simply my presence,
unlocks all my doors...especially my car door.

------
snowmaker
This the kind of idea that sounds so obvious in retrospect. Now that everyone
carries around a phone at all times, bringing a key as well is just redundant.
Can't wait to see this get adoption.

------
zitterbewegung
Anyone think this is a bad idea? What if your phone becomes comprised or
stolen? Then they have access to your house? Its easier to forge a bunch of
bits than a key.

~~~
e1ven
Not really.. Lock picking, particularly home-locks, isn't very hard at all.
Many people attend Lock Picking competitions, and it is a somewhat popular
geek-sport.

I'd much have a 4096-bit public key, than a flimsy piece of metal.

See Also: <http://www.capricorn.org/~akira/home/lockpick/>

------
kleiba
Cool! Where could I inspect the source code for this?

------
karlzt
another good thing is that you don't have to make copies of physical keys.

------
Devilboy
Will this also SMS me whenever someone opens my door? I think I want one.

~~~
ccamrobertson
We have logging, but alerts are a high priority! If you buy one I will build
it for you :)

~~~
asmithmd1
How long do the batteries in the lock last?

Can you tell us about the architecture? What kind of wireless link do you use?
Does the lock poll the base station? How do you traverse the home firewall? Do
you poll continuously?

~~~
paulgerhardt
>>How long do the batteries in the lock last?

Depends on the batteries...a 4 pack of name brand alkaline's from Target
should get you between 10,000 and 18,000 cycles or about 1-2 years. I haven't
tested with some of the crazier 22,000mAH ones one can get through Industrial
resellers

>>What kind of wireless link do you use?

For the residential units, the server talks to the door lock using the same
protocols found in car fobs.

For the commercial systems, we use electrical strikes. There is no wireless
communication. We manually trip a relay.

>>Does the lock poll the base station?

Receive only.

>>How do you traverse the home firewall?

Encrypted Tunnels

>>Do you poll continuously?

Push

~~~
asmithmd1
Thanks for the info - but I want more info, where is your blog?

How did you come out with 4 different locks at once? Did you partner with an
existing lock manufacturer?

You know you have to release an API.

~~~
paulgerhardt
We've only just come out of stealth mode after nearly two years of quiet work.
We'll be posting some more stuff in the coming days...

------
suhail
<3 Lockitron

------
bsgamble
Can't wait to buy one of these!

