Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

August Home white logo for Bishop Fox customer story on  mobile application penetration testing. August: Built-in Security in IoT Devices. Application Security: Mobile Application Assessment Service.

August: Built-in Security in IoT Devices

Connecting devices to the internet introduces new areas for innovation, improvement, and intrusion. Connecting a lock to the internet meant that August Home had the unique challenge of maintaining customer confidence while introducing a new approach to securing their front door using the August Smart Lock.

A hand opening an August Home Smart Lock that Bishop Fox performed mobile application penetration testing. August: Built-in Security in IoT Devices.

Home Security Meets Cybersecurity to Secure Homes Without Introducing Backdoors to the Back Door.

The Challenge

First, August Home had to solve the challenges introduced by hosting their product’s functionality in the digital rather than physical realm — they needed to secure homes without introducing backdoors to the back door.

When you look at our product … if it were to get hacked or compromised in some way, it’s not just a camera or an air conditioner..."

— Tom Russo, August Home Product Manager

“We are an IoT company, but we are also a security and lock company. We looked at our lock differently than some of the IoT products that are out there. Those products could afford to leave IoT security as a bit of an afterthought. But we couldn’t.”

To ensure the security of its product, August Home sought a firm that could assess all aspects of the product — hardware, firmware, and software. Their search led them to Bishop Fox. Eager to help pioneer and architect the security design with August Home, we brought our top mobile experts and leading product security researchers in to assess the project.

As Bishop Fox identified potential issues, the August Home team got to work on implementing new and innovative methods to strengthen their products’ security. This collaborative approach led to more creative and effective solutions.

Chris Dow, Vice President of Software at August Home wanted more than just a checkbox tick saying that their Smart Lock was secure, he wanted to work with a team that would partner closely with his team along the way.

"Bishop Fox is a group of security professionals who are experts in their field. They brought a number of different disciplines to the project, people who understood all aspects of what we were working with."

— Chris Dow, Vice President of Software at August

As we designed the encryption and authentication model for the lock itself, Bishop Fox’s team reviewed the design as we did it,” said Dow.

Working together during the encryption design allowed August to build solid IoT security in to all aspects of their Smart Lock before deployment.

“Throughout this project, it was clear that we were all working towards the same goal – a secure product."

Rob Ragan, Partner at Bishop Fox.

The Results

August Home put the security of their product and their customer’s peace of mind at the forefront of their design. As a result of their partnership with Bishop Fox, their Smart Lock went to market with two-factor authentication, Bluetooth Low Energy (BLE) technology encryption, and an update feature that allows August Home to seamlessly release security advancements to users.

August Home’s commitment to the security and well-being of its customers led to a well-designed and industry-leading product — a product that we at Bishop Fox use in our own offices.

About August

August Home had a vision to revolutionize home security by bringing it into the Internet Age. August Home saw the front door not only as a mechanism for keeping the bad guys out, but also as a tool for letting the right people in — at the right times, on the right terms, and always at the homeowner’s discretion.

The August Smart Lock lets users create virtual keys to their home and easily grant access to house cleaners, dog walkers, delivery services, guests, friends, and family—and control how long that access lasts—all from a smartphone.

Customer Profile
Consumer Electronics
Services Provided:
Product Security Review Application Penetration Testing Hybrid Application Assessment Network Penetration Testing

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.