

August Smart Lock - willthefirst
http://www.august.com

======
goldenkey
Locks are the kind of thing that you don't want computerized unless it
involves biometrics. The 'tech-it-all' attitude is getting kind of tiresome.
I've had newer washers with spin alignment sensors that break every year as
oppose to my old analog washer that lasted 20 years.. A lock simply shouldn't
have any hackable components. A microcontroller with wireless connectivity
inside of a lock is the kind of ignorance that the 'omg, tech' attitude
invites. As much as I like technical people, there are some folk who will
orgasm at anything that has a microcontroller on it - I'm kind of ashamed of
those folk - tech is a means to an end, not something you need to turn
everything into.

I will say this is very cool though. I would not use it or recommend others do
because the components and firmware are NOT open-source, and therefore it
cannot be audited and is a HUGE security risk.

------
javindo
It seems cool but I have a couple of concerns. Firstly, how exactly is it
detecting when someone is nearby? The iPhone doesn't have NFC for example and
GPS isn't exactly the most accurate thing in the world. Secondly, it seems as
though the device somehow connects to a front panel with a direct shaft to
move the lock mechanism, it seems as though it would be fairly easy to
compromise with a bit of brute force. How solid is the front panel? The large
size also gives a lot of leverage for breaking off.

~~~
garrettlarson
The site says it uses Bluetooth and attaches to a standard deadbolt (that
panel is presumably only on the inside of the door).

~~~
goldenkey
It's not particularly difficult to use two devices to act as a bluetooth
mirror and rob someone's house by just walking next to them for 5 seconds.

~~~
superuser2
I doubt the phone is just constantly broadcasting an unlock code. If it's
correctly designed, the lock and the phone would authenticate each other
cryptographically using a nonce or time/date to prevent replay attacks.

~~~
goldenkey
And that doesn't mean anything when the signal is mirrored in duplex. We're
talking about EMG, a wireless signal, not quantum bits that can be secured
against reflection.

It isn't a man-in-the-middle attack, because nothing is being altered, crypto
doesn't mean shit.

I'd call it a man-in-the-mirror attack ;-) The receiver/sender can't tell the
difference.

Automatic unlock is a huge vulnerability.

I would not trust a company that doesn't bother to even mention these issues,
even if they've defeated them, which I highly highly doubt. This product plays
on the convenience factor, and does not really address anything technical.
Cute, but no thanks. I'd rather have a safe house than a hipsterly cute one.

~~~
calciphus
Say it with me now:

Physical locks aren't unbreakable. A deadbolt does not make your house a
fortress.

I am all for good data security here, but if someone has targeted you to the
point of following you around to clone your phone's interaction with your
front door, I am pretty sure the glass windows provide a far easier target.
Most of them can be just lifted out of their frame.

Yes, it could be breakable. No, it is no less secure than an existing
deadbolt. Threat model matters.

~~~
goldenkey
I'm not 5. I don't need to 'say it with you now.' Take that smug attitude and
shove it up your ass.

Physical locks with heavy-set sprung pins, double shear lines, mushroom pins,
and additional security features can be almost unbreakable given the amount of
effort and noise that picking or breaking them will incur.

Your post is a contrite logical fallacy. The bluetooth mirror is trivial to
execute once the mirror is created. No one has to 'follow around', they walk
next to you for 2 seconds, and the signal is transferred bidirectionally, the
door unlocks.

Yes, it is way less secure than an existing deadbolt. Your post is akin to
saying a new operating system is secure because no viruses have been coded for
it. And we might as well put shitty locks on our doors, because they can break
in through the window anyways..right..and no one has bars on their windows,
because you don't?

Now, say it with me: "I'm okay with lax security, so everyone else should be
too."

Also say: "I don't know shit about pin-tumbler locks, so I can make posts
about security to misinform other people."

Now slap yourself twice for being a dolt. Thanks, class. Now back to nap time.

------
spb
Correct me if I'm wrong, but can't somebody pull the batteries out from the
outside and lock you inside your house?

~~~
andrewcooke
no, that's on the inside. it replaces the "knob". the keyhole/tumbler remains
on the outside so that it can be opened with a key.

