The Current State of Smart Locks
schuylertowne.comI have been using the August for a few months now and I have a hard time recommending it to people. Smart locks need to be reliable and if they aren't then you lose trust in your lock, and, well if you lose trust in your lock, what's the point of owning it.
* Auto-unlock is great when and if it works, and is the only reason to own the August. Unfortunately it's currently iOS only.
* Everlock is currently in "beta" (it's the feature that auto-locks your door after 30 seconds), but one night after my friends left the house, it didn't re-lock itself, so now we can't trust one of the few features of the lock anymore.
* Opening the door with your phone itself is a slow and painful process. It takes anywhere from 5-10 seconds for the phone to connect to the lock before you can control it (this doesn't include unlocking your phone, opening the app, and selecting which lock to connect to). It's absolutely unusable for day-to-day users. There's no point in using this when your keys work faster. However, I can say this is useful for people that do not live in the home, i.e. friends, cleaners, pet sitters, etc.
That said, I have an extra August coming in that I'm not sure what to do with. Christmas is coming up and I absolutely do not want to give it out as a present because it's just not ready.
I replaced all of my door locks with Samsung SHS-3320/SHS-3321. These are standard RFID and I can (and did) buy cards/fobs for them super cheap. You can even stick a fob inside your hand/arm/face/whatever if you like: https://dangerousthings.com/shop/xnt-ntag216-2x12mm-glass-ta...
I've been super happy with them with a single caveat. They don't have Z-Wave support. If they made these exact same locks with Z-Wave support I'd replace all of my locks immediately with them. I really would prefer Z-Wave primarily for programming purposes because the existing touch-screen programming can be a bit limiting and it would be nice to be able to combine watching visitors (dog walker or cleaning lady, etc) with allowing access remotely via z-wave (currently they all have their own codes).
That said these locks are rock-solid and I wouldn't give up the physical security that comes from their great construction for anything.
A good related article about locks from the BBC: Is the traditional metal key becoming obsolete?
http://www.bbc.co.uk/news/magazine-29817520
I'm quite conservative when it comes to locks for the home and prefer the traditional mechanical lock and key. I like the Lockitron feature of recording when a lock is opened/closed but that could be integrated into a mechanical lock without requiring the lock itself to operate electronically.
I think this quote from the BBC article above sums up how I feel:
...what about wear and tear, asks Brian Morland of the History of Locks Museum in Bournemouth. He cannot foresee a time when mechanical locks won't be part of our daily life. "You drop a key in water and it's okay. If you drop an electronic key (or smartphone) it will cause endless problems."
I'm glad you referenced that article with your concerns, I'm actually quoted it in, but I think it was a bit of a shallow examination of a very deep topic.
I have my sole passion on the line when it comes to the decline of purely mechanical locks. My heart is brass and pumps grease. I love locks. That said - folks who can't imagine a time when the majority of door locks are electromechanical might wind up on the wrong side of history.
One of the constant refrains when I first found locks was that electronic locks could never be used in remote places where access to power might be a problem. Then I learned about the Kaba Mas X-series of user-powered safe locks. To the drop-it-in-water concern, many people are already using phones that are fully submersible and all of those people can use their phones to open several of the locks in this article. Not to mention waterproof electronic fobs.
There are a ton of pitfalls, the worst of which I touch on in the section on Yale's Real Living lock. The electronic lock manufacturers need to look to the history of mechanical security engineering before they reintroduce long-since-solved flaws. However, these systems are becoming robust and consumer ready. There are amazing electromechanical locks meant to be used exclusively on shipping containers, holding up to some of the worst weather conditions you can subject your hardware to. The market may not be mature just yet, but it is deep into puberty and whatever comes next will convince many more skeptics.
In the meanwhile, you can find me in a library, reading 19th century engineering texts, pretending the world I love isn't changing just as I learned to love it...
I realise my conservative attitude is somehwat contradictory given that many apartment blocks have an electronic entry system to the building for guests who ring the doorbell/press the buzzer. And yet, a mechanical lock for my front door still feels more re-assuring to me than an electronic one. But as you say, we're in the "early adopter" phase and perhaps it's just a matter of time before electromechanical locks become commonplace and accepted.
Mechanical locks will always be more comfortable to me, I'm sure. But I think that has something to do with understanding how it works. I'm a mechanical security guy, I'm able to follow the general field of electromechanical security and have a sense of info/network/app security, but I'll probably never completely know how those things are keeping me safe.
Don't electronic locks come with a backup key in case the battery goes dead? I have a Schlage Camelot and it does have a spare key, not sure if it's commonplace.
Most do, only the Haven explicitly positions themselves as anti-key, but Yale offers a keyless experience and it is possible to go completely keyless with both Lockitron and August as well.
> You drop a key in water and it's okay.
Exactly like an RFID token.
I've tried a few of these. Kevo, lockitron, and some RFID one from samsung (which was my favorite). The main problem for me, mentioned in the article, is that residential doors are often not well aligned. if you try to open the door while locked you can end up putting enough pressure on the deadbolt that the motor can't open it. Humans recognize this with mechanical locks and we automatically adjust.
The worst part of that, though, is when the smart lock tries to reset it self and try again. You end up standing there while it goes back and forth, and in the end it's a huge hassle.
Humans are good at adapting to new situations and dealing with ambiguity like misaligned doors. With my mechanical lock, I can get really good and really fast at opening it in all circumstances. but with the smart lock I'm subject to it's slow speed and inability to adapt to new situations. I can't make it go faster.
I'd rather doors be redesigned to be more like car doors.
What a thorough and interesting review. I was wondering why all the attention is placed on the locks and have been thinking that, a la many apartment buildings in cities with their buzz-in door locks, why not approach the "smart lock" problem by using electric strikes? A drawback would be you would need to supply power to the door frame, but then you wouldn't have to deal with worrying about when the batteries run out of juice.
To put it another way, suppose that, planning ahead, I install an electric strike that allows me to "buzz in" people. Then what I would like to do is be able to "buzz in" using a smartphone app, say.
Lockitron is also working on controlling existing electronic strikes. https://lockitron.com/store/buzzer
They're not working on it as something new. That was their first product many years ago.
Interesting, i'd never heard about that until pretty recently. To be honest, when I think of Lokitron all I think of is the deadbolt product, and then mostly manufacturing/shipping delays.
Their first product was very similar to the deadbolt one but it was a retrofit electronics for someone else's mechanical deadbolt. It was also powered and had to be connected to Ethernet. I'm going by memory and could be a bit off on the details.
But yeah the deadbolt is a refinement of their earlier product. Which makes me a bit baffled about how badly executed it is the second time around.
Would love to have seen the Schlage locks included in the comparison - I think they're the front-runners. Perhaps I'm overlooking some terrible flaw?
They really know the hardware/manufacturing side. You'll get a good lock from them. It's standards based, and those standards (e.g. z-wave) take into account power requirements, meshes, and security. I worked on their web app, Nexia, some time ago, and because it's standards based you can also DIY with their locks and something like Mi Casa Verde.
Great Read. I see a ton of the GE Supra iBox Lockboxes. I hear they cost realtors a lot and they have no alternative. Perhaps for the VRBO or non-Realtor properties too.
This is a really stupid question, but will there be hybrid locks not for door/access but stuff we never thought could be locked in the old mechanical days? a pack of cigarettes? pill bottle? sleeve to a jacket? briefcase? mouse? baby child-proofing? an envelope?
Not a stupid question at all. A dive through the patent record reveals a ton of amazing ideas for locking random objects up. in my conversations with Bob Swartz he has been fond of saying that locks are essentially latches, which is a great way to think of them. Here is a quick rundown of locks that have been patented that cover your examples:
Time Lock for Cigarettes: https://www.google.com/patents/US2681560
Combination lock for Pill Bottles: https://www.google.com/patents/US3405828
Ok, not a sleeve, but a mechanical lock for jacket pockets: https://www.google.com/patents/US1138507
and, of course, briefcases take a lot of locks, including very high security ones: http://bagstogo.com.au/Secura-Case-15cm-Security-Briefcase-w...
And thanks for the kind words!
I loved this writeup, but was sorry to see the Sunnect digital deadbolt missing from the lineup (http://www.sunnectlock.com/products.html).
I've had mine for 4+ years and have found it very reliable. It's keyless and non-networked, both of which I consider to be features. Aside from initial installation (which was a pain), no other complaints.
Could the power/charging issue be handled by a rotatable handle/component that can charge up a battery if it goes flat and leaves you outside? A bit like the wind-up torches you see around the place?
Or would it require minutes and minutes of manpower to realistically charge?
Yes, it is a very good idea. That's precisely how the Mas Hamilton/Kaba Mas X-series safe locks work. The dial is rotated a few times first, at which point the lock powers on and can be operated, solenoids fired, etc.
However, those safe locks get to control many other aspects of the mechanical makeup of the lock, and rely on well defined and reliable standards of production of the doors they are applied to. Consumer smart locks don't get that advantage, so the amount of power required to throw a bolt won't always be consistent. I don't know what it would take to ensure enough human power is transferred to provide enough force to always overcome a stuck bolt.
Now there's an interesting idea. Instead of a solid axle between the two door handles you could have a split axle and some sort of dynamo. If you gadget dies you just sit there and crank the handle around a few times.
I'm picturing someone with a scarf wrapped around the knob and employing a method similar to starting a stick fire...
Another idea to provide backup power is to have backup battery in the "key". The key wouldn't be need to be mechanical, but electronic, and could provide the juice for emergencies. Another option would be a "key" that acts as microUSB adapter to provide power from phone.
Providing power through the key makes it an attack surface (what if I supply 5kV? can I use it for power-analysis attacks? etc)
Latter idea is mentioned in the post, though...clocking in at ~7500 words I blame absolutely no one for not getting to the end haha
I was hoping for more of a security testing/review of each of the locks. It's hard to find any real world tests that have been done on these locks to see how hard they are to physically compromise.
I have the Yale lock but without the keyhole on it and without the z-wave module in it. I chose this one because it was one of the few that avoided having an actual keyhole on it to lessen the chances of being picked or bumped. I'm still wondering how it stacks up to being hit with a hammer or any other physical attacks.
Yeah, sorry to fall short of actual physical testing. There are some awesome researchers champing at the bit to get their hands on a collection of these locks, so expect blog posts, conference presentations and papers to start trickling out over the next year or so.
Personally, I'm very interested in your experience of living sans key. Do you live with anyone else? Was there any discussion or extended thought process before making the switch? Do you have an idea of what your ideal lock would be/do?
Living with no key is great. Just need to remember a 4-8 digit pin code. All I carry now is a key fob for my car. I live with my girlfriend and we each now have our own pin codes on the Yale lock, super easy to use and I've had installed now for 1 year and have not had to change the batteries yet. The auto locking feature is also nice so no one forgets to lock the door, it just locks after about a minute. If I'm expecting friends or a maid I can input a new code for them in 2 seconds right from the lock.
My ideal lock is pretty close to the Yale: - Physically tough (not sure if the Yale lock is but it feels pretty hefty to me) - No key hole - 4+ digit pin codes - Multiple pin codes - Auto lock only when door is closed (the Yale does it based solely on time) - Easy way to plug/unplug a z-wave or zigbee module. Although I don't see much benefit to having my lock hooked up to the internet. I can simply tell people my guest code that is programmed on the lock if I need to let someone in and I'd prefer not to open up another possible attack vector.
I also have a Samsung EZON 3120 which has been discontinued but I like that it locks only when the door is closed.Also when typing in a pin code it makes you hit two random numbers on the key pad before entering your pin code to make it harder for someone looking over your shoulder to figure out the code and/or leave fingerprints of your code on the touch pad.
I have one of the Yale locks in the UK and you can enter as many digits as you want before and after the actual combination and it will still work.
@billyvg - I'm part of the team at August and sorry to hear you're not having the best experience. Auto Unlock is coming to Android soon and we are quickly fixing issues in the field as they come in. Many are new issues that are either specific to the user environment, manufacturing batches or didn't show up in QA/beta. If you wouldn't mind pinging me at bv@august.com, would love to debug any issues your lock might have.
Interesting read! Do you have any thoughts on the qKey system from the Dutch startup Ubiqu? http://www.ubiqu.nl/
Oh, this is awesome! Thanks for the heads up and kind words . I don't, yet, have any thoughts, but 2 of the 3 mentors/teachers I mentioned at the top are Dutch, so I will be hitting them up for their insights. You can find them at:
Barry Wels: https://twitter.com/barrywels Han Fey: http://hanfeylocktechnologies.com/
There's also "smart with a somewhat traditional key" as in http://www.iloq.com. Doesn't talk to your smartphone; actually, doesn't talk at all until a key is inserted. That removes many privacy/security concerns. Open question for me is how easy this is to crack and how reliable it will be (if you have a valid key, will you be able to get in, even after a few years of wear and tear?)
I'm somewhat disenchanted with the prospects of keeping a house safe with the use of a lock. Even if the lock itself is perfectly safe, any sliding doors or windows are easy points of entry. And even if those aren't an option, many doors and frames are flimsy enough that a prybar or a ram will split them.
Sure, there are ways around all of these, but you'd end up feeling like you live in a prison...
There's also removing a couple of tiles from the roof.
The rififcoup!
So named for the fabulous film Rififi, in which burglars rented an apartment, then drilled through the ceiling to the floor below. This was a direct reference to the French criminal anarchist Alexandre Marius Jacob who famously carried out just such an attack in the early 20th century. At his trial (for murder, among other things) he uttered one of my favorite quotes. He was asked what had become of him, he had traveled the world as a sailor, he was educated, how had he become a murderous anarchist. To which he replied:
"I have seen the world. It is not beautiful."
Kwikset makes several deadbolts with keypads and keyZ-Wave support that I've been very pleased with. I'm a big fan of the quick rekeying feature most Kwikset locks have these days so I can always rekey just all my doors and give that key to someone (since putting Z-Wave enabled deadbolts on all my doors would be fairly expensive).
> who want to bring a keyless hotel lock experience to the US
No thanks. Those keyless hotel locks fail too often when I use them to ever want them for my home. At least in the hotel, I can go back to the front desk and they'll fix it. I also don't care for the slowness of operating them vs a regular key.
It would be more interesting to get a write up of your kickstarter fiasco. https://www.kickstarter.com/projects/schuyler/lockpicks-by-o...
For anyone interested in this space, i recommend looking into ethereum, a bitcoin-like network. There's been lots of talk of "smart property" relating to blockchain technology, and imho, locks are the perfect starter use-case. I mean, locks are all about proving ownership, so what better arena to test the idea of using a cryptographic ledger of ownership. I've spent a little time considering how to port the lockitron api into an ethereum contract, and I don't expect it to be too difficult
"I mean, locks are all about proving ownership"
I don't think that's true at all. Locks serve two primary purposes:
1. Access control 2. Intrusion detection
Neither one is really about ownership, but about allowable use. And particularly neither one is about proving ownership.
> I don't think that's true at all.
Forgive me for saying, but this whole response seems like a confrontational HN-esque way of saying "What about intrusion detection?"
To which I'd say, "Great point! And you're right, that comes more easily for physical locks. Although I think we could do some interesting things with incrementing nonce's for successful and failed attempts to transact with a smart lock design."
I thought your original comment was misguided. I think there are cool and interesting things happening with blockchain technology that are related to ownership, and that are based on locks. But the fact that some new technology touches both doesn't mean that traditional locks do.
"Ownership" is a legal concept. A lock doesn't prove ownership in any way. The person with the keys to a car or a house isn't the owner of it. The person listed on the pink slip/deed is.
I started out saying that locks are just about access control, then remembered the old "locks keep honest people out" adage, and added "intrusion detection" to the list.
It is stunning to me that these products exist and are going to be widely deployed.
Your front door lock should not talk on the network. It should not have "social features". It should not rely on electricity.
Your smoke detector should not be connecting to google servers. Your thermostat should not be connected to facebook.
Those are facts.
Either you instinctively understand those facts or you will learn them accompanied by much pain.
So it is potentially as cut and dry as you suggest, but I'm going to dig into the anthropology of security a bit here and posit that in certain pockets of the world we are entering a post-lock age. Where, as Paul Gerhardt said, locks are about choosing who you let in.
To do this idea justice I should give you a thousands words on the great lock controversy of 1851, but suffice it to say that there was a watershed moment in the 19th century when England, and by extension Europe & the colonies, learned that the idea of perfect security was dead. While technological innovation temporarily boomed, it ultimately fell into a century-long decline. This was punctuated by the criminalization of the exploration of security, and a bunch of other bad stuff.
In general, we saw a decline of technological methods of ensuring security and a dramatic increase in political methods of ensuring security. Whether or not this worked, in the past decade in the US we have developed pockets of this country that, despite reasonably high population density, could completely eschew locks without much worry. Locks have become as much a symbol of social order as a mechanical construct.
OK, all of that said - for those people who are enjoying this level of safety and security, locks take on a different idea. Keys often seem burdensome, and when trying to sell new products to this market, you can't rely on scare tactics anymore. Instead we see a big shift toward convenience (this is mirrored in the early 19th century, by the way) and now, the addition of social features, which shouldn't be misunderstood to mean twitter, facebook, etc. But the ability to share keys easily, to security semi-private spaces in easy, convenient ways.
As a whole, we aren't living in a post-lock world, but there is a vibrant market of people who are living in something close. To them the lock needs to do more than act as a bulwark to roving malice.
EDIT: For the record, I didn't downvote you, and I'm a little bummed to see that others did. I think you brought something up that a LOT of people think, and I don't think it's invalid. It also provided me the opportunity to inject some nuance, so I was glad you commented!
It's unfortunate you're being downvoted for pointing out something many programmers take for granted - that introducing unnecessary complexity to a security-oriented product makes it less safe by design.
I think they're being down-voted by listing some opinions and finishing with 'these are facts'.
Maybe networked door locks are a poor idea, maybe they're not. There's nowhere near enough of them in use right now for consumer risk to be assessed and determining 'facts' is a long way off. That kind of arrogance is obnoxious and should be down-voted. It doesn't add to the discussion, it doesn't add to anyone's understanding of the risks involved, it just acts to shut down conversation and is negative and damaging to the community.
Looking at similar advances in car locking technology - where 'keyless entry' or 'keyless go' is a common high-end car feature, suggests that it might actually be possible to have this balance of convenience and security.
>Your smoke detector should not be connecting to google servers.
It wasn't when I bought it :(
Mo,
Having recently purchased a home, and piled rocks, loose stones, bricks and the like next to my window laden front entryway door, what lock do you recommend I purchase?
Bear in mind, I don't want anything that my neighbors will understand, or industry experts will look down on. As a technophile, I want to walk only the bleedingiest of edges, employ the most futuristic of tech, and employ the bare minimum of common sense.
In fact, if it could be expensive enough be the target of break-in, so much the better!
love, shmoo
Heh, if you want to go absolutely bonkers you could go with a lockitron/august/Haven on the interior, multi-point locking system in the door, an Abloy Protec 2 or EVVA MCS for your primary lock, and a Drumm Geminy Shield over that. (the Drumm shield is a lock to protect your lock.)
Remarkably, you could probably make it all happen for just north of 1k, or less if you are willing to do much of the labor yourself. Of course you'll have to wait for your smart lock to arrive, but you can rely on the mechanical locks in the meanwhile.
And any mechanical security enthusiast you invite over will be absolutely floored by your setup.
Generally, the security of a home is not determined by the security of the front door lock. Most burglars either enter by kicking in the front door, or by entering through a window or sliding door.
Electronic locks are great for additional features, but not additional security.
High-security locks are really designed for commercial or governmental settings, where rooms with locks and no windows are common.