Thinking about upgrading my security. Found this interesting project on kickstarter:

It looks pretty promising! Open-Source, no cloud services and Windows Hello support.

What do you guys think about it?
I just want a second opinion before I invest money on it!

  • 2
    @linuxxx (due to him being the "open-source all the things" guy+his experience with password managers)
  • 4
    Few things I noticed (few minutes of quick reading):

    - open source software, awesome but what about the hardware? If that's not verifiable...
    - loads of things done through Bluetooth, how is the data encrypted in transit?
    - Feature list is vague (alright enough for usual people) which is manageable but it has quite some stuff which other security keys already have. (That's okay but it seems its advertising heavily with that)
    "Brings 100% accuracy with almost no false alarm for magic lock" - so 100 percent accuracy with *almost no false alarm*... Isn't that not 100 percent by definition?
    - can you actually use it without the app? I find loads about the Bluetooth functionality with the app but what if you can't or don't want to install it or don't want to use it over Bluetooth?

    It looks quite alright but some stuff I'm personally not fond of or sure about. I wouldn't go for this myself. (Doesn't mean you shouldn't by the way)
  • 1
    That was the corniest video I've seen in a while that wasn't a skit.
  • 1
    Thanks for the information/analysation!
    I just bought it. I mean... 20€ is not much and if it's pure garbage I don't have to use it, so... "the proof of the pudding is in the eating"
  • 0
    Answer to a comment from the creators:
    "to make sure the communication over Bluetooth is always secure and protected, we are using the 6-digit code for pairing to cover and provide high reliability in the wireless communication. In more technical words, during the pairing process, both parties that are involved in the communication exchange their identity information to set up trust and get the encryption keys ready for the future data exchange. For sure, the connection is completely encrypted using AES cryptography."

    And another answer:
    "All our software codes are publicly available on GitHub, and in the close future, we will publish the firmware codes as well. We will share the entire infrastructure and provide access to Hio SDK so anyone passionate about security can contribute to expanding Hio functionalities to keep all other sensitive information they may concern about."

    So yeah. This should answer some of your concerns.
  • 1
    @Skayo Awesome! What about the hardware though?
Add Comment