August Home

August, Inc is a San Francisco-based home automation company, focusing on Wi-Fi connected door locks and doorbell cameras. The company was founded in November 2012 by Yves Béhar and Jason Johnson.

On October 19, 2017, Swedish lock manufacturer Assa Abloy announced an acquisition of August Home. The deal closed in December 2017.

As of July 2018, August Home had sold over one million smart locks and cameras.

Products
In May 2013, August released their first smart lock. The lock had a metal frame and was controlled using Bluetooth 4.0 with a smartphone app. As with other August door locks, the device clips on to an existing deadbolt on the inside portion of a door, still allowing the use of a traditional key. A Wi-Fi bridge was later released allowing remote access to the lock, and the use of virtual assistants (such as Amazon Alexa).

In October 2015, the company debuted a suite of new products including a second generation smart lock, a smart doorbell, and a keypad for users without a phone. The company also announced August Access, a platform to let couriers from Postmates, Handy, and other services get access to the lock through a one time code. The service was later expanded to include Walmart in select U.S. markets. A HomeKit compatible version of the lock was also released the following year.

A cheaper version of the smart lock was released in 2017, along with a Z-Wave compatible version designed for professional installation. The new locks also added motion sensors to know whether the door is open or closed.

The August Access platform expanded to include locks for Yale and Emtek in January 2018.

Security concerns
In August 2016, a white-hat hacker showcased a vulnerability with August's one-time access codes allowing someone to use them once expired at DEF CON. The company patched the issue later that month. MIT conducted further research on potential vulnerabilities in the security of the device. They attempted accessing the device using multiple methods, none of which were successful. The methods they tested were the following: password attack, “I’m Not Listening” attacks, changing date and time settings, snooping Bluetooth packages, decompiling the app, sniffing TCP packets, man-in-the-middle attacks, and retrieving owner permissions offline keys. Out of all of these attempts, only one was theoretically plausible. By snooping Bluetooth packets, persons with malicious intent could attempt a “brute force” method by guessing the ciphertext necessary to unlock the door. However, the chance of guessing this combination of bits is one in over 18.4 quintillion, and the time required to attempt all sequences is projected to be over four years.