One feature I'd love to see is connecting it with the doorbell, then I would forget about my battery worries and go straight for it. Would come in occasional use for if someone you're happy to let in arrives while you are out, but would also be great for day-to-day use. They press the buzzer, you get a phone call to talk to them followed by the option to let them in or not. (Where I live right now, my office is two floors up, it's pretty rare that I can hear anyone at the door.)
edit: The FAQ page is a bit vague about international orders due to "latency issues", any chance of some expansion on that? To my mind, a long distance (say, UK to California) is adding less than a second of latency, and I wouldn't have any problem if the door took a couple of seconds to unlock. But maybe I'm misunderstanding the problem latency causes?
That said, we have a couple of international beta testers who seem to have a good experience, so I think that we will reevaluate this soon.
edit: One international issue that has occurred to me is the cost of texting a foreign number. Do you have any idea of how many users you'd want to have from a country in order to get a number that's local to them? (And/or is your SMS provider unable to do that?)
I would be a lot happier with a single RFID tag per user (globally; it could be your phone with NFC, or a $0.05 tag) which could be remotely added or removed from the ACL on doors (use Zigbee or even a 3G chipset built into the door; it only updates infrequently).
That way you don't need to pull your phone out in a dark alley and hit a button to unlock the door, and if your Internet connection is down (or power is out), the door can still unlock.
You could hack this up with the Schlage locksets and new firmware.
I guess it's a question of feature prioritization: no keys at all but a clunkier UX with fewer features, or a single RFID tag with lots of other benefits.
Edit: Legic is Austrian, not German. Fixed.
Edit 2: I was obsessed with this topic in '06-07 as the RFID startup I worked for struggled to maintain relevance as each use case for RFID proved pathetic ROIs vs existing solutions. I left when it was clear NFC/payments was the only viable strategy and the startup was unwilling to drop the other verticals and pursue NFC (which is only now about to become viable).
I like the hacker aesthetic of lockitron, but want the robustness of the pro stuff too. Although if they do NFC tag reads in the lockset, it wouldn't be too hard to work as a simple internet-programmable RFID lock.
I'd much rather have a 4096-bit public key than a flimsy piece of metal.
Can you tell us about the architecture? What kind of wireless link do you use? Does the lock poll the base station? How do you traverse the home firewall? Do you poll continuously?
> main advantage [...] is that everything is in the cloud (your data is encrypted).
What? Someone is trying to feed me buzzword soup again.
I fail to see any advantage in having my front door "keys" stored in the "cloud".
On the other hand the little RFIDs are absolutely awesome to open doors with, try to use them instead (they are cheap enough that it doesn't matter).
You can, however, argue that taking out your phone, launching the app, and clicking a button is as an aggregate action more involved than just inserting and rotating a key. I think the real benefits become apparent when you realize all the stuff this enables you to do: your spouse/friends no longer get locked out, you never have to do the "did I lock it or not?" dance, and if they provide an API, you can sync a lot of stuff when your door opens, like turn on appliances, trigger a network setting, boot your computer, text your friends, anything really.
As for not locking the door, that is definitely a problem (as is, as I have also done, unlocking the door and leaving the keys in it) but I have never really been in doubt that I locked the door, even if I hadn't.
This isn't disruptive to household locks, but to the high ticket price door entry systems.
Would it unlock the door if I captured packets sent by the phone, then replayed them later? (Would that be difficult to do? I've never done it.)
The short answer is no. The long answer depends on how many packets you capture. See also: http://www.mozilla.org/projects/security/pki/nss/ssl/draft02... (Section D.3)
We've gone to great lengths to ensure any additions are pareto-secure.
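The replay question above, as an added example that is not part of the original thread and is not Lockitron's protocol: a command frame carrying a sequence number under an HMAC, so a captured frame is rejected when sent again and cannot be renumbered without the key. The frame layout, `seal`, `LockReceiver` and the pairing key are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def seal(key: bytes, seq: int, command: bytes) -> bytes:
    """Phone side: seq (8 bytes, big-endian) || command || HMAC(key, seq || command)."""
    body = struct.pack(">Q", seq) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class LockReceiver:
    """Lock side: accept a frame only if its MAC verifies and its sequence number is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, frame: bytes) -> bool:
        if len(frame) < 8 + TAG_LEN:
            return False
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged or modified frame
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:
            return False  # captured frame sent again, or delivered out of order
        self.last_seq = seq
        return True


def demo() -> list:
    key = os.urandom(32)  # constructed key, assumed to be shared when phone and lock are paired
    lock = LockReceiver(key)
    captured = seal(key, 1, b"UNLOCK")              # frame an eavesdropper records
    renumbered = struct.pack(">Q", 2) + captured[8:]  # same frame with the counter bumped
    return [
        lock.accept(captured),                  # first delivery is accepted
        lock.accept(captured),                  # byte-for-byte replay is rejected
        lock.accept(renumbered),                # counter changed without the key: MAC fails
        lock.accept(seal(key, 2, b"UNLOCK")),   # next genuine command is accepted
    ]


if __name__ == "__main__":
    print(demo())
```

The lock has to keep `last_seq` across power loss, otherwise a reboot reopens the window for old frames.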
Why not have the phone talk to the lock through the local wifi? Or put a wifi/bluetooth radio right in the lock? That should be more dependable and faster. Is that what you are talking about here?
"if you would like to access Lockitron only via your local network, then we welcome you to flash your base-station with a new image that gives you full access to develop as you see fit (coming soon)"
Or, you could communicate via QR code on the screen, using a camera in the door (that doubles as a remote peephole).
Or, you could encode the data as high-frequency sound and use the speaker/mic for two-way comm.
There are all sorts of possibilities that beat going over the internet.
The easy way to do this was susceptible to a number of different attacks so we disabled it. The hard way is being sorted out.
> Is that what you are talking about here?
Sort of. If you buy the equipment, it's yours to hack...this includes expanding functionality to support eccentric authentication mechanisms. I'll post some stuff to our blog in the coming weeks to give you an idea.
I'd much rather have a system where the lock uses an NFC sensor and a CPU, and it works with phones that have NFC. Yes, you wouldn't be able to do remote revocation (you'd have to be standing in front of the lock to send an updated CRL), but it would be a lot more secure, and it avoids dependence on a central server.
Then I actually thought about unlocking my door with my phone. This is a great idea.