AUGUST: BUILT-IN SECURITY IN IoT DEVICES

Home Security Meets Cybersecurity to Secure Homes Without Introducing Backdoors to the Back Door.

Posted on Feb 3, 2014 11:35:00 PM

Connecting devices to the internet introduces new areas for innovation, improvement, and intrusion. Connecting a lock to the internet meant that August Home had the unique challenge of maintaining customer confidence while introducing a new approach to securing their front door using the August Smart Lock.

THE CHALLENGE

First, August Home had to solve the challenges introduced by hosting their product’s functionality in the digital rather than physical realm — they needed to secure homes without introducing backdoors to the back door.

When you look at our product … if it were to get hacked or
compromised in some way, it’s not just a camera or an air
conditioner...

Tom Russo
August Home Product Manager 

“We are an IoT company, but we are also a security and lock company. We looked at our lock differently than some of the IoT products that are out there. Those products could afford to leave IoT security as a bit of an afterthought. But we couldn’t.”

To ensure the security of its product, August Home sought a firm that could assess all aspects of the product — hardware, firmware, and software. Their search led them to Bishop Fox. Eager to help pioneer and architect the security design with August Home, we brought our top mobile experts and leading product security researchers in to assess the project.

As Bishop Fox identified potential issues, the August Home team got to work on implementing new and innovative methods to strengthen their products’ security. This collaborative approach led to more creative and effective solutions.
Chris Dow, Vice President of Software at August Home wanted more than just a checkbox tick saying that their Smart Lock was secure, he
wanted to work with a team that would partner closely with his team along the way.

Bishop Fox is a group of security professionals who are experts in their field. They brought a number of different disciplines to the project, people who understood all aspects of what we were working with.

Chris Dow, Vice President of Software
at August

As we designed the encryption and authentication model for the lock itself, Bishop Fox’s team reviewed the design as we did it,” said Dow.

Working together during the encryption design allowed August to build solid IoT security in to all aspects of their Smart Lock before deployment.

“Throughout this project, it was clear that we were all working towards the same goal – a secure product, said Rob Ragan, Partner at Bishop Fox.

THE RESULTS

August Home put the security of their product and their customer’s peace of mind at the forefront of their design. As a result of their partnership with Bishop Fox, their Smart Lock went to market with two-factor authentication, Bluetooth Low Energy (BLE) technology encryption, and an update feature that allows August Home to seamlessly release security advancements to users.

August Home’s commitment to the security and well-being of its customers led to a well-designed and industry-leading product — a product that we at Bishop Fox use in our own offices.

Topics:Service - Product Security ReviewService - Application Penetration TestingIndustry - Consumer Electronics

SUMMARY

CLIENT:

INDUSTRY:

Consumer electronics

SERVICES PROVIDED:

Network Penetration Testing
Product Security Review
Security Policy Review
Download Case Study

About August

August Home had a vision to revolutionize home security by bringing it into the Internet Age. August Home saw the front door not only as a mechanism for keeping the bad guys out, but also as a tool for letting the right people in — at the right times, on the right terms, and always at the homeowner’s discretion.

The August Smart Lock lets users create virtual keys to their home and easily grant access to house cleaners, dog walkers, delivery services, guests, friends, and family—and control how long that access lasts—all from a smartphone.