
Bitlock replaces your bike key with your phone - mehrdad
http://bitlock.co
======
unsigner
Cute, but seems like a solution looking for a problem, and finding the wrong
one.

The major problem with bike locks IMHO is their laughable resistance to brute
force physical attacks, e.g. $100 hydraulic cutters. I don't think anyone
around here bothers with picking the actual lock.

~~~
jessaustin
_I don 't think anyone around here bothers with picking the actual lock._

True in general, but for a time one could pick Kryptonites with a Bic pen.

~~~
emhart
And similarly efficient attacks for current gen disc detainer based bike locks
are on the horizon.

------
vertr07
Did these guys think about the bike lock market at all when they created this?
Why reinvent the wheel? For bike locks people value security and convenience.
This offers neither over standard key locks.

I'm a cyclist. Why would I want to mess with an electro lock when all I want
to do is get on my bike and ride? This seems a symptom of 'an app for
everything' syndrome.

~~~
mehrdad
As a consumer product, BitLock is targeting a niche market (like any other
keyless locks). It is way more convenient than a regular lock. You don't have
to carry a key with you plus the interaction is seamless. Also we never have
to deal with lost bike keys. However an important side application for this
lock is bike sharing. For example, You can setup a bike share system among
your friends on college campus. This you can't do with regular locks.

~~~
vertr07
I really don't see that happening on a campus. If I'm going to setup a bike
share, I'm not going to leave the bikes outside locked in a public place.

Second, keys are pretty fucking convenient. What exactly is the downside of
keys?

Finally, you should disclose that this is your project when commenting on it.

~~~
mehrdad
* Finally, you should disclose that this is your project when commenting on it.

I apologize about that. I kind of assume it was clear but thanks for the
reminder.

If you want to share bikes, hand-off of keys will be an issue. With BitLock
for example you can share 3 bikes between 10 people. with the app on your
phone you can geolocate bikes and lock/unlock easily.

------
reneherse
Interesting to read this juxtaposed with the article on increased smartphone
theft in what also happen to be cities with high populations of cyclists.

In my personal infrastructure and gear, I like redundancies that create soft
modes of failure. The more we make the smartphone into a security hub (or a
payment hub), the greater the cost & inconvenience of theft, loss, or damage
of the device. Spreading these functions between phone, wallet, and keychain
is a healthy "division of labor" that spreads failure risk.

E.G., you can steal my wallet, and you can steal my phone, but I'm still
safely biking home from the bar because you didn't steal my keys.

However, yes please to more convenient bike locks. Just not
increasing/concentrating device dependency and risk.

~~~
Justsignedup
I kind of want to build a boobietrap into this. You steal my bike, the
bikelock detects it and triggers a timer, the person starts riding the bike
and BOOM his ass explodes. Then I can program my stolen phone to point to my
bike so the boobietrap can be sprung. Oh it will be awful and awesome.

------
grogenaut
Just what I need, for my phone to be dead at the end of the night and not only
can't I call a friend to get a ride home, can't unlock my apartment, and now I
can't unlock my bike either.

~~~
mehrdad
The battery life issue of smart phone is coming to an end. Basically battery
life will be the prime feature of competition for smartphone makers from now
on. Wireless charging, better battery technologies, and etc means the
probability of your phone dying on you is going to decrease considerably over
the next few years.

~~~
grogenaut
Take your argument back to 2005, it still holds. And it didn't happen. Doesn't
mean the bar I'm at has a charger or that I'm going to remember to charge my
phone when I'm out and about doing whatever I do (movies, golf, bar, board
gaming, lan party).

The failure case is still terrible and consists of me with a hacksaw at 3am on
the side of the road "Stealing" my own bike.

~~~
mehrdad
In 2005 there were not as many smart phone out there as day. Plus we are
getting more and more dependent on your smartphone. We use it for calls,
navigation, emails, not to mention facebooking! soon it will be your wallet as
well. So this creates a lot of pressure as well as incentives for smart phone
makers to get ahead of competition of things like battery life. Note that
innovation in smart phones has almost died. Apple is struggle to innovate
(still they are doing some stuff with fingerprint scanner, motion
processors,...) but the next big thing for them will be the battery life in
terms of hardware innovation.

a final note, the battery innovation does not even have to be that much of a
breakthrough. if your phone lives for a couple of days on a single charge,
then the probability of running out of battery will decrease dramatically
(since most people charge at least once every two days).

~~~
grogenaut
The pressure is to make the phones more powerful to do more with teh
instegrahms, not to have longer battery life. If it were we wouldn't have gone
from month long standby times (Nokia 5xxx) to partial day battery life (any
modern phone with everything turned on). You can argue it all you want but
battery is not growing faster much as our hunger for screen size, processing
power, network use, memory, gps, etc are. Anything we can squeeze out of a
battery will get gobbled up for quite a while.

Feel free to use something like this. It's geeky cool. I've just been burned
by things like not being able to contact my ride from the airport, or my phone
randomly deciding that it's just too dead to turn on at 8%, that I'm not
trusting it for keys to my transportation / apartment.

For those things, if they have battery, like say my apartment combo lock, I
want things with a good battery life (in the years) for the whole thing, a
good failure state that I will always have on me (a combo), and obvious
notification EARLY when the battery is going low.

------
7952
It would be good if this was available as a permanent fixture at bike racks.
Because it would be static you could use higher strength heavier materials
that would stand up to an angle grinder. The big problem for a lot of cyclists
is hauling heavy locks around. A keyless static lock would solve this.

~~~
ssalenik
Interesting idea, but I wouldn't expect it to work out well for long. It would
probably require a lot of regular maintenance, and if one breaks down while
your bike is on it, you would be screwed until a tech with the master
mechanical key comes to rescue you... which might then also make them liable
if you locked a stolen bike there...

------
codex
Lose your phone? Phone out of juice? There goes your ride. Someone steal your
phone? Now they have your bike. Combo locks are the best locks.

------
rednovember
Hmm interesting idea, but you are definitely not the first mover, and probably
someone else already has a patent on it, when did you file? There has been
others doing the same for a while. I have been waiting for someone to properly
execute this but everybody that tries ends up showing a video and 3d printed
mockups. Just to give you an idea:

[http://www.indiegogo.com/projects/haamlock-a-smarter-bike-
lo...](http://www.indiegogo.com/projects/haamlock-a-smarter-bike-lock)
[http://www.smartbikelock.com/](http://www.smartbikelock.com/)
[http://www.indiegogo.com/projects/social-lock-developers-
kit...](http://www.indiegogo.com/projects/social-lock-developers-kit-the-kit-
that-helps-you-build-your-own-smart-lock)

~~~
carlos_danger
I was at a y combinator hardware hackathon in march and a Stanford team was
doing something similar as well. Probably they have a patent on it.

~~~
rednovember
So was I. I think that team was from Berkeley though.

------
ssalenik
What sort of locking mechanism will be used? I live in Canada and ride my bike
all year round, in the rain, snow, sleet, below freezing temperatures, etc.
Sometimes I have to leave my bike outside during the winter. I've had trouble
opening my key operated lock before when it froze in the middle of the
night... luckily I was able to get it open with rubbing alcohol and chain lube
after about 20 minutes.

I'd be worried that this thing won't handle the weather, especially if its
only battery operated (no key).

~~~
mehrdad
original poster here: all of the internal electronic components are water
proofed and the battery operates under extended temperatures (currently the
same batteries are used in north pole for remote sensing)

But if the water freezes inside and prevents the actuator from moving, then
the lock won't work. the same can happen to the mechanical locks...if the
water gets into the key hole and freezes there or freezes up the locking
mechansim

------
emhart
I'm wondering if successful attacks on this lock (should it get popular enough
to warrant it) will lead to successful attacks on similar technology on homes.

There is an impressive amount of innovation when it comes to stealing bikes as
they are low-risk, decent-value targets compared to cars or houses. In the
past, attacks that originated with or were popularized on bike locks have
paved the way for attacks on other locks that protected cars & electronics.

------
evanlivingston
What's the advantage over a traditional lock?

~~~
arthulia
One less key to carry, I imagine. Practically speaking, I wouldn't really mind
having my wallet and keys integrated with my smartphone. It is the security
implications that make me uneasy.

~~~
evanlivingston
Sure. It seems like this is taking a problem space (physical security) and
adding complexity by introducing another problem space (digital security),
while further increasing my dependence on my phone.

------
jpalomaki
This could also easily enable a small scale bike sharing scheme (among trusted
people). In order to keep track of where each bike is, the phone app could
update the position to shared map when the lock is activated.

~~~
mehrdad
original poster: exactly! that's the main point. This is designed to enable
for small scaled bike share systems. you can share the location and access of
bikes with a (close or open) group of people. As the owner of the lock, you
set the terms. you can also assign people as admins so they can also manage
permissions.

------
stekoz
Is lock/unlock going to use some kind of OTP, or would the same communication
happen over BT everytime? Just thinking about how easily this could be cracked
by malicious people near you and your bike.

~~~
fleitz
If Eve wants to steal Bob's bike Eve is going to buy a pair of bolt cutters
before fucking around trying to find Alice and Bob's shared secret.

Even though Bruce Schneier could probably break that lock just by looking at
it, he's probably not going to become a bike thief.

[http://xkcd.com/538/](http://xkcd.com/538/)

------
oldgregg
I've been waiting for something like this-- with the right implementation it
could be a huge success-- but there's lots of room to get it not-quite-right.

~~~
mehrdad
We have been working on this for about a year.

Basically, the biggest technical and design challenge was the battery life.

We wanted to make the lock in a way that the user does not have to charge the
lock/battery nor has to worry about replacing the battery at least for a
couple of years.

To accomplish that, we had to look across all of the components that consume
power. On the radio side, bluetooth LE solved that problem for us. Since we
are sending data in bursts and the amount of data transferred is so little,
the radio power consumption is almost negligible. We also use an ultra low
power micro-controller with intelligent power management to low power
consumption when the lock is not in use. The biggest power sucker was the
mechanical actuation system. So that became more of a mechanical design and
engineering problem. Using a solenoid was our of equation. There are extremely
inefficient. We design the lock so that the actuator movement is minimal and
is driven by a very low power motor. However there was one last issue. Most of
the off-the-shelf batteries leak energy and deplete even if you are not using
them after a 1-2 years. We are now using an advance lithium battery technology
that has a very high energy density as well as very low leakage rate (This
technology is commonly used to power sensors in remote sensing and telemetry
application)

Eventually when the battery level drops low after a few years, you can
notification on your phone and you can then replace the battery.

~~~
slash-dot
Since the lock will probably be in motion when not not in use, couldn't you
just use some kind of kinetic charging mechanism to charge the battery? Is
kinetic charging not enough powerful? Or is the circuitry too complex?

~~~
bentcorner
Maybe store some mechanical energy in a spring to help reduce the amount of
"stuff" that needs to be moved just by the battery?

------
pimpl
1\. Is it more hackable than classic lock? 2\. What if my battery dies? No
biking for me then? :D

~~~
mehrdad
1 - Compared to picking a lock, hacking AES-128 is lot more difficult :D 2 -
The battery last up to 5 years on average usage (lock&unlock 5 times a day) +
you get a notification on your phone when it is time to replace the battery.

~~~
shabble
The physical security (especially the release mechanism) is what I'm curious
about. Elsewhere you mention the constraints low-power places on you, and it
strikes me that the less energy required to trigger the release, the easier
that might be to fake with bumping or vibratory attacks.

There were a couple of interesting DEFCON videos I've seen on electronic
safes, which are a similar niche, and quite a lot of them were utterly trivial
to open.

[https://www.youtube.com/watch?v=vIJFQO4DIxw](https://www.youtube.com/watch?v=vIJFQO4DIxw)
is one, trying to find the other, which I vaguely recall was from Barnaby
Jack.

------
1945
Just don't forget to charge your phone or you'll be walking home..

------
dvdhsu
I've thought about this problem a lot, and was thinking about building
something similar. This idea is essentially Lockitron, except it's more mobile
(both w.r.t the door/bike, and to w.r.t. its physical location). That mucks
with two things: a) the lock isn't attached to the bike, like a Lockitron is
attached to its door, and b) the lock doesn't have 24/7 data access, unlike
most Lockitrons.

a) makes it far less convenient to unlock. Sure, the lock might unlock itself
when I'm near it, but then what happens? Does the lock just fall to the
ground? Do I still have to remove the lock from my bike? If so, how is this
better than a combination lock?

b) makes it impossible to unlock remotely. Sure, it's great that I can tell my
friends the exact location of my bike, but what's the purpose of that if I
can't unlock it for them from afar? They still need my phone (effectively
physical presence) before they can unlock and use my bike. If I had a
combination lock, I could just tell them my passcode and they would be off.
Why not just a combination lock?

These two problems make it unappetizing for customers. There seem to be a few
main reasons why you have a Lockitron: 1) to go through the door without
fishing your keys out or fudging with the lock, 2) so you can let other people
in when you're not there, and 3) to know when people entered your house. In
fact, these are pretty much the exact reasons Lockitron touts on its website:
[https://lockitron.com/preorder](https://lockitron.com/preorder).

If a) and b) are true, most of the above three points have been not been
addressed. 1) is a direct result of assumption a), and 2) and 3) are direct
results of assumption b).

These problems aren't insurmountable, though. For a), some locks are
physically attached to the bike. Here's an example of one:
[http://lovelybike.blogspot.com/2011/02/is-wheel-lock-
useful-...](http://lovelybike.blogspot.com/2011/02/is-wheel-lock-useful-
feature.html). That way, when you walk up to the bike, it unlocks itself, and
when you walk away, it locks itself. There's no need for any physical
interaction between you and the lock. For b), you could include a cellular
modem [1], which would allow you to remotely unlock your bike. Even more
important, however, would be the added benefit of being able to track your
bike if it were to be stolen (since with a "cafe lock" like the one I linked
above, somebody could very well just carry it off).

1\. The problem is trying to find a suitable data plan. The ideal one would be
pay per kilobyte, with the SIM lasting forever. Since unlock and location
requests take up very little bandwidth, you could pay a small amount, like
$10, for a few megabytes. That should be enough for quite a few requests.

~~~
ewang1
No data plan is needed. You can implement something similar to two factor auth
tokens. Then the phones only need to know the correct token to present to the
lock.

~~~
cratib
Or public key crypto. You sign a message that grants your friends phone
access; the lock verifies it.

------
dictum
And now they will steal your bike _and_ your bike lock.

~~~
mehrdad
If someone manages to steal your bike, they probably damage the lock to get
it. In case someone steals your lock or you lose your lock, you can disable it
remotely.

~~~
th0br0
But am I notified when that happens?

~~~
mehrdad
Original Poster: Unfortunately no. because the lock has no direct data
connection. Besides, it will probably too late by the time you get to your
bike...unless you are very close by.

------
highace
Could the screenshot on that iPhone look any more imposed?

~~~
mehrdad
original poster here: please wait till the kickstarter launch. it's happening
very soon. all that information will be on our kickstarter page.

------
slater
Is there anything more to the site than a sign-up form? :(

~~~
mehrdad
We are launching on Kickstarter soon. Please stay tuned. Meanwhile feel free
to shoot me an email with any question you have! m.majzoobi@gmail.com

