
The Current State of Smart Locks - emhart
http://schuylertowne.com/blog/smart-locks
======
billyvg
I have been using the August for a few months now and I have a hard time
recommending it to people. Smart locks need to be reliable and if they aren't
then you lose trust in your lock, and, well if you lose trust in your lock,
what's the point of owning it.

* Auto-unlock is great when and if it works, and is the only reason to own the August. Unfortunately it's currently iOS only.

* Everlock is currently in "beta" (it's the feature that auto-locks your door after 30 seconds), but one night after my friends left the house, it didn't re-lock itself, so now we can't trust one of the few features of the lock anymore.

* Opening the door with your phone itself is a slow and painful process. It takes anywhere from 5-10 seconds for the phone to connect to the lock before you can control it (this doesn't include unlocking your phone, opening the app, and selecting which lock to connect to). It's absolutely unusable for day-to-day users. There's no point in using this when your keys work faster. However, I can say this is useful for people that do not live in the home, i.e. friends, cleaners, pet sitters, etc.

That said, I have an extra August coming in that I'm not sure what to do with.
Christmas is coming up and I absolutely do not want to give it out as a
present because it's just not ready.

------
AdamJacobMuller
I replaced all of my door locks with Samsung SHS-3320/SHS-3321. These are
standard RFID and I can (and did) buy cards/fobs for them super cheap. You can
even stick a fob inside your hand/arm/face/whatever if you like:
[https://dangerousthings.com/shop/xnt-ntag216-2x12mm-glass-
ta...](https://dangerousthings.com/shop/xnt-ntag216-2x12mm-glass-tag/)

I've been super happy with them with a single caveat. They don't have Z-Wave
support. If they made these exact same locks with Z-Wave support I'd replace
all of my locks immediately with them. I really would prefer Z-Wave primarily
for programming purposes because the existing touch-screen programming can be
a bit limiting and it would be nice to be able to combine watching visitors
(dog walker or cleaning lady, etc) with allowing access remotely via z-wave
(currently they all have their own codes).

That said these locks are rock-solid and I wouldn't give up the physical
security that comes from their great construction for anything.

------
chestnut-tree
A good related article about locks from the BBC: _Is the traditional metal key
becoming obsolete?_

[http://www.bbc.co.uk/news/magazine-29817520](http://www.bbc.co.uk/news/magazine-29817520)

I'm quite conservative when it comes to locks for the home and prefer the
traditional mechanical lock and key. I like the Lockitron feature of recording
when a lock is opened/closed but that could be integrated into a mechanical
lock without requiring the lock itself to operate electronically.

I think this quote from the BBC article above sums up how I feel:

 _...what about wear and tear, asks Brian Morland of the History of Locks
Museum in Bournemouth. He cannot foresee a time when mechanical locks won 't
be part of our daily life. "You drop a key in water and it's okay. If you drop
an electronic key (or smartphone) it will cause endless problems."_

~~~
emhart
I'm glad you referenced that article with your concerns, I'm actually quoted
it in, but I think it was a bit of a shallow examination of a very deep topic.

I have my sole passion on the line when it comes to the decline of purely
mechanical locks. My heart is brass and pumps grease. I love locks. That said
- folks who can't imagine a time when the majority of door locks are
electromechanical might wind up on the wrong side of history.

One of the constant refrains when I first found locks was that electronic
locks could never be used in remote places where access to power might be a
problem. Then I learned about the Kaba Mas X-series of user-powered safe
locks. To the drop-it-in-water concern, many people are already using phones
that are fully submersible and all of those people can use their phones to
open several of the locks in this article. Not to mention waterproof
electronic fobs.

There are a ton of pitfalls, the worst of which I touch on in the section on
Yale's Real Living lock. The electronic lock manufacturers need to look to the
history of mechanical security engineering before they reintroduce long-since-
solved flaws. However, these systems are becoming robust and consumer ready.
There are amazing electromechanical locks meant to be used exclusively on
shipping containers, holding up to some of the worst weather conditions you
can subject your hardware to. The market may not be mature just yet, but it is
deep into puberty and whatever comes next will convince many more skeptics.

In the meanwhile, you can find me in a library, reading 19th century
engineering texts, pretending the world I love isn't changing just as I
learned to love it...

~~~
chestnut-tree
I realise my conservative attitude is somehwat contradictory given that many
apartment blocks have an electronic entry system to the building for guests
who ring the doorbell/press the buzzer. And yet, a mechanical lock for my
front door still feels more re-assuring to me than an electronic one. But as
you say, we're in the "early adopter" phase and perhaps it's just a matter of
time before electromechanical locks become commonplace and accepted.

~~~
prostoalex
Don't electronic locks come with a backup key in case the battery goes dead? I
have a Schlage Camelot and it does have a spare key, not sure if it's
commonplace.

~~~
emhart
Most do, only the Haven explicitly positions themselves as anti-key, but Yale
offers a keyless experience and it is possible to go completely keyless with
both Lockitron and August as well.

------
rsl7
I've tried a few of these. Kevo, lockitron, and some RFID one from samsung
(which was my favorite). The main problem for me, mentioned in the article, is
that residential doors are often not well aligned. if you try to open the door
while locked you can end up putting enough pressure on the deadbolt that the
motor can't open it. Humans recognize this with mechanical locks and we
automatically adjust.

The worst part of that, though, is when the smart lock tries to reset it self
and try again. You end up standing there while it goes back and forth, and in
the end it's a huge hassle.

Humans are good at adapting to new situations and dealing with ambiguity like
misaligned doors. With my mechanical lock, I can get really good and really
fast at opening it in all circumstances. but with the smart lock I'm subject
to it's slow speed and inability to adapt to new situations. I can't make it
go faster.

I'd rather doors be redesigned to be more like car doors.

------
jerrytsai
What a thorough and interesting review. I was wondering why all the attention
is placed on the locks and have been thinking that, a la many apartment
buildings in cities with their buzz-in door locks, why not approach the "smart
lock" problem by using electric strikes? A drawback would be you would need to
supply power to the door frame, but then you wouldn't have to deal with
worrying about when the batteries run out of juice.

To put it another way, suppose that, planning ahead, I install an electric
strike that allows me to "buzz in" people. Then what I would like to do is be
able to "buzz in" using a smartphone app, say.

~~~
Pyrodogg
Lockitron is also working on controlling existing electronic strikes.
[https://lockitron.com/store/buzzer](https://lockitron.com/store/buzzer)

~~~
bravo22
They're not working on it as something new. That was their first product many
years ago.

~~~
Pyrodogg
Interesting, i'd never heard about that until pretty recently. To be honest,
when I think of Lokitron all I think of is the deadbolt product, and then
mostly manufacturing/shipping delays.

~~~
bravo22
Their first product was very similar to the deadbolt one but it was a retrofit
electronics for someone else's mechanical deadbolt. It was also powered and
had to be connected to Ethernet. I'm going by memory and could be a bit off on
the details.

But yeah the deadbolt is a refinement of their earlier product. Which makes me
a bit baffled about how badly executed it is the second time around.

------
justinsb
Would love to have seen the Schlage locks included in the comparison - I think
they're the front-runners. Perhaps I'm overlooking some terrible flaw?

~~~
jambo
They really know the hardware/manufacturing side. You'll get a good lock from
them. It's standards based, and those standards (e.g. z-wave) take into
account power requirements, meshes, and security. I worked on their web app,
Nexia, some time ago, and because it's standards based you can also DIY with
their locks and something like Mi Casa Verde.

------
lettercarrier
Great Read. I see a ton of the GE Supra iBox Lockboxes. I hear they cost
realtors a lot and they have no alternative. Perhaps for the VRBO or non-
Realtor properties too.

This is a really stupid question, but will there be hybrid locks not for
door/access but stuff we never thought could be locked in the old mechanical
days? a pack of cigarettes? pill bottle? sleeve to a jacket? briefcase? mouse?
baby child-proofing? an envelope?

~~~
emhart
Not a stupid question at all. A dive through the patent record reveals a ton
of amazing ideas for locking random objects up. in my conversations with Bob
Swartz he has been fond of saying that locks are essentially latches, which is
a great way to think of them. Here is a quick rundown of locks that have been
patented that cover your examples:

Time Lock for Cigarettes:
[https://www.google.com/patents/US2681560](https://www.google.com/patents/US2681560)

Combination lock for Pill Bottles:
[https://www.google.com/patents/US3405828](https://www.google.com/patents/US3405828)

Ok, not a sleeve, but a mechanical lock for jacket pockets:
[https://www.google.com/patents/US1138507](https://www.google.com/patents/US1138507)

and, of course, briefcases take a lot of locks, including very high security
ones: [http://bagstogo.com.au/Secura-Case-15cm-Security-
Briefcase-w...](http://bagstogo.com.au/Secura-Case-15cm-Security-Briefcase-
with-Bi-Lock-Black.html)

And thanks for the kind words!

------
declan
I loved this writeup, but was sorry to see the Sunnect digital deadbolt
missing from the lineup
([http://www.sunnectlock.com/products.html](http://www.sunnectlock.com/products.html)).

I've had mine for 4+ years and have found it very reliable. It's keyless and
non-networked, both of which I consider to be features. Aside from initial
installation (which was a pain), no other complaints.

------
prawn
Could the power/charging issue be handled by a rotatable handle/component that
can charge up a battery if it goes flat and leaves you outside? A bit like the
wind-up torches you see around the place?

Or would it require minutes and minutes of manpower to realistically charge?

~~~
ianburrell
Another idea to provide backup power is to have backup battery in the "key".
The key wouldn't be need to be mechanical, but electronic, and could provide
the juice for emergencies. Another option would be a "key" that acts as
microUSB adapter to provide power from phone.

~~~
pjc50
Providing power through the key makes it an attack surface (what if I supply
5kV? can I use it for power-analysis attacks? etc)

------
BryanB55
I was hoping for more of a security testing/review of each of the locks. It's
hard to find any real world tests that have been done on these locks to see
how hard they are to physically compromise.

I have the Yale lock but without the keyhole on it and without the z-wave
module in it. I chose this one because it was one of the few that avoided
having an actual keyhole on it to lessen the chances of being picked or
bumped. I'm still wondering how it stacks up to being hit with a hammer or any
other physical attacks.

~~~
emhart
Yeah, sorry to fall short of actual physical testing. There are some awesome
researchers champing at the bit to get their hands on a collection of these
locks, so expect blog posts, conference presentations and papers to start
trickling out over the next year or so.

Personally, I'm very interested in your experience of living sans key. Do you
live with anyone else? Was there any discussion or extended thought process
before making the switch? Do you have an idea of what your ideal lock would
be/do?

~~~
BryanB55
Living with no key is great. Just need to remember a 4-8 digit pin code. All I
carry now is a key fob for my car. I live with my girlfriend and we each now
have our own pin codes on the Yale lock, super easy to use and I've had
installed now for 1 year and have not had to change the batteries yet. The
auto locking feature is also nice so no one forgets to lock the door, it just
locks after about a minute. If I'm expecting friends or a maid I can input a
new code for them in 2 seconds right from the lock.

My ideal lock is pretty close to the Yale: \- Physically tough (not sure if
the Yale lock is but it feels pretty hefty to me) \- No key hole \- 4+ digit
pin codes \- Multiple pin codes \- Auto lock only when door is closed (the
Yale does it based solely on time) \- Easy way to plug/unplug a z-wave or
zigbee module. Although I don't see much benefit to having my lock hooked up
to the internet. I can simply tell people my guest code that is programmed on
the lock if I need to let someone in and I'd prefer not to open up another
possible attack vector.

I also have a Samsung EZON 3120 which has been discontinued but I like that it
locks only when the door is closed.Also when typing in a pin code it makes you
hit two random numbers on the key pad before entering your pin code to make it
harder for someone looking over your shoulder to figure out the code and/or
leave fingerprints of your code on the touch pad.

~~~
cybergibbons
I have one of the Yale locks in the UK and you can enter as many digits as you
want before and after the actual combination and it will still work.

------
bharatvasan
@billyvg - I'm part of the team at August and sorry to hear you're not having
the best experience. Auto Unlock is coming to Android soon and we are quickly
fixing issues in the field as they come in. Many are new issues that are
either specific to the user environment, manufacturing batches or didn't show
up in QA/beta. If you wouldn't mind pinging me at bv@august.com, would love to
debug any issues your lock might have.

------
Rafert
Interesting read! Do you have any thoughts on the qKey system from the Dutch
startup Ubiqu? [http://www.ubiqu.nl/](http://www.ubiqu.nl/)

~~~
emhart
Oh, this is awesome! Thanks for the heads up and kind words . I don't, yet,
have any thoughts, but 2 of the 3 mentors/teachers I mentioned at the top are
Dutch, so I will be hitting them up for their insights. You can find them at:

Barry Wels: [https://twitter.com/barrywels](https://twitter.com/barrywels) Han
Fey: [http://hanfeylocktechnologies.com/](http://hanfeylocktechnologies.com/)

------
Someone
There's also "smart with a somewhat traditional key" as in
[http://www.iloq.com](http://www.iloq.com). Doesn't talk to your smartphone;
actually, doesn't talk at all until a key is inserted. That removes many
privacy/security concerns. Open question for me is how easy this is to crack
and how reliable it will be (if you have a valid key, will you be able to get
in, even after a few years of wear and tear?)

------
lutorm
I'm somewhat disenchanted with the prospects of keeping a house safe with the
use of a lock. Even if the lock itself is perfectly safe, any sliding doors or
windows are easy points of entry. And even if those aren't an option, many
doors and frames are flimsy enough that a prybar or a ram will split them.

Sure, there are ways around all of these, but you'd end up feeling like you
live in a prison...

~~~
caf
There's also removing a couple of tiles from the roof.

~~~
emhart
The rififcoup!

So named for the fabulous film Rififi, in which burglars rented an apartment,
then drilled through the ceiling to the floor below. This was a direct
reference to the French criminal anarchist Alexandre Marius Jacob who famously
carried out just such an attack in the early 20th century. At his trial (for
murder, among other things) he uttered one of my favorite quotes. He was asked
what had become of him, he had traveled the world as a sailor, he was
educated, how had he become a murderous anarchist. To which he replied:

"I have seen the world. It is not beautiful."

------
crymer11
Kwikset makes several deadbolts with keypads and keyZ-Wave support that I've
been very pleased with. I'm a big fan of the quick rekeying feature most
Kwikset locks have these days so I can always rekey just all my doors and give
that key to someone (since putting Z-Wave enabled deadbolts on all my doors
would be fairly expensive).

------
WalterBright
> who want to bring a keyless hotel lock experience to the US

No thanks. Those keyless hotel locks fail too often when I use them to ever
want them for my home. At least in the hotel, I can go back to the front desk
and they'll fix it. I also don't care for the slowness of operating them vs a
regular key.

------
seattlewag
It would be more interesting to get a write up of your kickstarter fiasco.
[https://www.kickstarter.com/projects/schuyler/lockpicks-
by-o...](https://www.kickstarter.com/projects/schuyler/lockpicks-by-open-
locksport)

------
patcon
For anyone interested in this space, i recommend looking into ethereum, a
bitcoin-like network. There's been lots of talk of "smart property" relating
to blockchain technology, and imho, locks are the perfect starter use-case. I
mean, locks are all about proving ownership, so what better arena to test the
idea of using a cryptographic ledger of ownership. I've spent a little time
considering how to port the lockitron api into an ethereum contract, and I
don't expect it to be too difficult

~~~
ianferrel
"I mean, locks are all about proving ownership"

I don't think that's true at all. Locks serve two primary purposes:

1\. Access control 2\. Intrusion detection

Neither one is really about ownership, but about allowable use. And
particularly neither one is about proving ownership.

~~~
patcon
> I don't think that's true at all.

Forgive me for saying, but this whole response seems like a confrontational
HN-esque way of saying "What about intrusion detection?"

To which I'd say, "Great point! And you're right, that comes more easily for
physical locks. Although I think we could do some interesting things with
incrementing nonce's for successful and failed attempts to transact with a
smart lock design."

~~~
ianferrel
I thought your original comment was misguided. I think there are cool and
interesting things happening with blockchain technology that are related to
ownership, and that are based on locks. But the fact that some new technology
touches both doesn't mean that traditional locks do.

"Ownership" is a legal concept. A lock doesn't prove ownership in any way. The
person with the keys to a car or a house isn't the owner of it. The person
listed on the pink slip/deed is.

I started out saying that locks are just about access control, then remembered
the old "locks keep honest people out" adage, and added "intrusion detection"
to the list.

------
rsync
It is stunning to me that these products exist and are going to be widely
deployed.

Your front door lock should not talk on the network. It should not have
"social features". It should not rely on electricity.

Your smoke detector should not be connecting to google servers. Your
thermostat should not be connected to facebook.

Those are facts.

Either you instinctively understand those facts or you will learn them
accompanied by much pain.

~~~
krapp
It's unfortunate you're being downvoted for pointing out something many
programmers take for granted - that introducing unnecessary complexity to a
security-oriented product makes it less safe by design.

~~~
semanticist
I think they're being down-voted by listing some opinions and finishing with
'these are facts'.

Maybe networked door locks are a poor idea, maybe they're not. There's nowhere
near enough of them in use right now for consumer risk to be assessed and
determining 'facts' is a long way off. That kind of arrogance is obnoxious and
should be down-voted. It doesn't add to the discussion, it doesn't add to
anyone's understanding of the risks involved, it just acts to shut down
conversation and is negative and damaging to the community.

Looking at similar advances in car locking technology - where 'keyless entry'
or 'keyless go' is a common high-end car feature, suggests that it might
actually be possible to have this balance of convenience and security.

------
shmoosr
Mo,

Having recently purchased a home, and piled rocks, loose stones, bricks and
the like next to my window laden front entryway door, what lock do you
recommend I purchase?

Bear in mind, I don't want anything that my neighbors will understand, or
industry experts will look down on. As a technophile, I want to walk only the
bleedingiest of edges, employ the most futuristic of tech, and employ the bare
minimum of common sense.

In fact, if it could be expensive enough be the target of break-in, so much
the better!

love, shmoo

~~~
emhart
Heh, if you want to go absolutely bonkers you could go with a
lockitron/august/Haven on the interior, multi-point locking system in the
door, an Abloy Protec 2 or EVVA MCS for your primary lock, and a Drumm Geminy
Shield over that. (the Drumm shield is a lock to protect your lock.)

Remarkably, you could probably make it all happen for just north of 1k, or
less if you are willing to do much of the labor yourself. Of course you'll
have to wait for your smart lock to arrive, but you can rely on the mechanical
locks in the meanwhile.

And any mechanical security enthusiast you invite over will be absolutely
floored by your setup.

