Mehrdad from Picovoice here; We have made several models available for use in personal projects for free on our GitHub page. https://github.com/picovoice
original poster here: all of the internal electronic components are water proofed and the battery operates under extended temperatures (currently the same batteries are used in north pole for remote sensing)
But if the water freezes inside and prevents the actuator from moving, then the lock won't work. the same can happen to the mechanical locks...if the water gets into the key hole and freezes there or freezes up the locking mechansim
original poster: exactly! that's the main point. This is designed to enable for small scaled bike share systems. you can share the location and access of bikes with a (close or open) group of people. As the owner of the lock, you set the terms. you can also assign people as admins so they can also manage permissions.
If someone manages to steal your bike, they probably damage the lock to get it. In case someone steals your lock or you lose your lock, you can disable it remotely.
Original Poster: Unfortunately no. because the lock has no direct data connection. Besides, it will probably too late by the time you get to your bike...unless you are very close by.
1 - Compared to picking a lock, hacking AES-128 is lot more difficult :D 2 - The battery last up to 5 years on average usage (lock&unlock 5 times a day) + you get a notification on your phone when it is time to replace the battery.
The physical security (especially the release mechanism) is what I'm curious about. Elsewhere you mention the constraints low-power places on you, and it strikes me that the less energy required to trigger the release, the easier that might be to fake with bumping or vibratory attacks.
There were a couple of interesting DEFCON videos I've seen on electronic safes, which are a similar niche, and quite a lot of them were utterly trivial to open.
Like breaking most other encryption schemes, the algorithm isn't usually the weakness, it's the implementation. In this case, an angle grinder "breaks the crypto" in about 30 seconds, assuming they use top-quality locks as a base (which I doubt)
No we are not use a one time password. The key changes every time interact with the lock to stop man-in-the-middle attacks. We use AES-128 encryption that is the access control industry standard (and we think it is enough).
As a side note, I have PhD in embedded system security, although most of these things are crypto 101.
As a consumer product, BitLock is targeting a niche market (like any other keyless locks). It is way more convenient than a regular lock. You don't have to carry a key with you plus the interaction is seamless. Also we never have to deal with lost bike keys. However an important side application for this lock is bike sharing. For example, You can setup a bike share system among your friends on college campus. This you can't do with regular locks.
* Finally, you should disclose that this is your project when commenting on it.
I apologize about that. I kind of assume it was clear but thanks for the reminder.
If you want to share bikes, hand-off of keys will be an issue. With BitLock for example you can share 3 bikes between 10 people. with the app on your phone you can geolocate bikes and lock/unlock easily.
