a) The shepherd couldn't actually open this with his phone.
b) If it's raining then that's all the more reason to get something reliable (eg. doesn't depend on battery charge).
c) It's better to spend $10 than $100 if people are likely to break it.
Nope, this is aimed squarely at the locker-room-frequenting-hipster demographic. People who want other people to notice their shiny padlock.
Well, it does have to be pointed out that our esteemed leader does often have trouble with this new fangled technology (particularly anything associated with a smartphone) — if it doesn't smell of vintage, he's going to have trouble with it.
Nobody serious about securing anything is using anything from Master, that's for sure.
So, it falls into the "if you're really not securing anything and you want a gadget, go for it" category.
So... a Bluetooth lock is overkill at this quality level. It'll sell great to the gadget crowd. But it won't really secure anything.
Talking about it's actual ability to secure something, certainly. I don't think anyone's arguing these locks are master thief proof, that was pretty well established when it was mentioned that they can be opened with a cut up soft drink can — no one's going to be securing the crown jewels with these things.
But sometimes a signal is exactly the point; like when it's hung on a gate that someone can simply jump over anyhow, attached to a locker (which is usually fronted by a door made of pretty flimsy metal), or holding a bike in a mostly locked compound (where you're more worried about opportunistic theft, than planned). And in these cases, the utility of the lock is by far more important than the actual security of it.
That's not to say it's
not being marketed to the "locker-room-frequenting-hipster demographic", that lovely blue light is certainly conducive to that market, but then, they are also the ones far more willing to pay for the convenience, and less likely to recognise it as fairly weak physical protection.
So yes, we've established it's not great physical security, probably being marketed to hipsters, and seems to be Dave resistant. We know that relying on Bluetooth for security is dodgy, and this thing probably doesn't go overboard on it's crypto, so it's probably vulnerable there, too.
However, on the insecure Bluetooth side, it's probably still on par with most RFID locks, which is an alternative that I've been considering for my front gate; I'd guess it's likely even a little better than regular RFID, since there's the Bluetooth "security", encapsulating a (probably) not terribly strong keyed exchange. That's still going to be a step up from copy tag, use tag.
BT locks are new. Early adopter products usually suck and are always somewhat silly. Routinely overpromise and under deliver. This one is no different. BT locks are gadgets. For now. BT locks are for early adopters - for now. But I can think of many reasons a BT lock would makes sense - needs for which a regular lock is either too limiting and cumbersome - or a purpose built lock - too expensive. (BTW - Electronic locks are not new - they have all but displaced the most security minded safes. Just look at what the Mas Hamilton x-09 and X-10 did to GES requirements. They are that good. They cost as much as well.)
This is also definitely true. Unfortunately,
all these kinds of devices have been a little flakey, not very secure (digitally), so on and so forth. But the techniques will improve, and they do need to start somewhere. Anything IoT is facing an uphill battle right off the starter, because the I in IoT is a wild and wooly place, with expectations not presently appropriate to a device of this class. It's one of the reasons there's so many competing standards vying to be "the new I in IoT" — trying to provide a more embedded-friendly gateway (or alternative entirely) to the wild and wooly internet. Devices like this one deal with that reasonably well by moving a lot of that into the Phone app — which I think almost has to be the way to do it for now — though at least a little more on the lock itself would be nice, from what we've seen on YouTube.
But when it's the functionality it offers that you want, rather than the physical security, and especially also, with more and more of us living in rented housing, or for those locker room using yuppies, where modifying the property to suit our needs doesn't always go down too well for the landlord… something like this really does seem like a suitable choice. As silly as it may seem to many of you.
We've seen from the recent debacle with the bricking of Lockstate locks by a remote firmware upgrade, that remote updating for electronic locks must be regarded as a vulnerability. At the same time, any experience with software security at all tells us that one must have the ability to update firmware/software to cover the inevitable vulnerabilities that will be found.
Firmware updates are also a relatively new thing in commodity hardware, and they're hard to do properly, and all too often end up bricking the device (most certainly not just padlocks), especially when it's already struggling to fit in the firmware it needs (ie. having room for fallback firmware). To the benefit of these devices in particular, though, they do not need to directly interact with the internet, and that saves them a whole load of resources and vulnerabilities. Squeezing a little more real crypto onto the chip (at least one of them already does AES256, albeit rather poorly from what I recall), should render Bluetooth's issues far less relevant (the same reason SSL is so important — it doesn't matter nearly so much how insecure your internet connection is, once you've got an encrypted and authenticated connection). And that is coming; the dedicated crypto components are making their way onto increasingly smaller chips, but even without that, both the bottom-end chips are getting bigger, and the crypto libraries are also getting made smaller and more efficient. And most importantly, the companies making IoT gear are starting to realise they need to learn how to use them.
And I still think a device similar to this (if not this specific one), would do just fine on my front gate, or any of the other situations I've listed.