In May 2013, August released their first smart lock. The lock had a metal frame and was controlled using Bluetooth 4.0 with a smartphone app. As with other August door locks, the device clips on to an existing deadbolt on the inside portion of a door, still allowing the use of a traditional key. A Wi-Fi bridge was later released allowing remote access to the lock, and the use of virtual assistants. In October 2015, the company debuted a suite of new products including a second generation smart lock, a smart doorbell, and a keypad for users without a phone. The company also announced August Access, a platformto let couriers from Postmates, Handy, and other services get access to the lock through a one time code. The service was later expanded to include Walmart in select U.S. markets. A HomeKit compatible version of the lock was also released the following year. A cheaper version of the smart lock was released in 2017, along with a Z-Wave compatible version designed for professional installation. The new locks also added motion sensors to know whether the door is open or closed. The AugustAccess platform expanded to include locks for Yale and Emtek in January 2018.
Security concerns
In August 2016, a white-hat hacker showcased a vulnerability with August's one-time access codes allowing someone to use them once expired at DEF CON. The company patched the issue later that month. MIT conducted further research on potential vulnerabilities in the security of the device. They attempted accessing the device using multiple methods, none of which were successful. The methods they tested were the following: password attack, “I’m Not Listening” attacks, changing date and time settings, snooping Bluetooth packages, decompiling the app, sniffing TCP packets, man-in-the-middle attacks, and retrieving owner permissions offline keys. Out of all of these attempts, only one was theoretically plausible. By snooping Bluetooth packets, persons with malicious intent could attempt a “brute force” method by guessing the ciphertext necessary to unlock the door. However, the chance of guessing this combination of bits is one in over 18.4 quintillion, and the time required to attempt all sequences is projected to be over four years.
