Vanma had something really different at MWC, interesting electronic locks. Before you point out that everyone has them, SemiAccurate actually found something unique about these devices.
Electronic locks are nothing new, and most have some really fatal flaws, obvious ones. Think about trying to unlock your lock with a code and the battery is dead. Others are vulnerable to sniffing of the key exchange and subsequent replay attacks, plus many more flaws. These things are usually easy to spot with a few innocent questions, and then we move on.
The part that interested us about Vanma is that they didn’t have any immediate flaws and the initial questions were answered with assuring specificity. More importantly the more SemiAccurate dug, the more cool bits we found. Before we go on, we will say that we have zero knowledge about the mechanical workings and failing thereof for mechanical locks so we won’t go there. The rest of it however seems pretty well thought out.
Four key fobs on the bottom, locks all around
As you can see from the picture above, the Vanma locks come in all shapes and sizes from cylinder locks to cable locks and big beefy padlocks but the keys come in only one shape and size. The keys on the lower row are about the size of a car key fob, maybe a little smaller depending on how much of an ego accessory your vehicle is. They come in three variants, normal, Bluetooth, and fingerprint. The first and last variants should be obvious but the Bluetooth version is NOT to unlock the lock, just for authentication of the key and user. This will be important later.
The first flaw with many electronic locks is power, batteries run flat especially if you don’t use them often. Patches like solar panels work well unless your lock is indoors. Or in the shade. Or gets dusty. Actually they rarely work right. Vanma avoids this by putting no power in the lock, the key provides the power when it mates to the lock. Basically the lock is passive. Big flaw avoided.
Then comes next problem with ‘electronic’ locks, some have a keypad which limits your codes to a very small keyspace. Sure you can avoid issues by locking users out if they have a wrong code but this has down sides, especially in areas of high traffic like a trade show. Many years ago someone who looked a lot like me was confronted at the end of an IDF by a man we will call ‘David’ because that is his name. He asked me why I was trying to pick the locks on the registration PCs in the lobby in full sight of, well, everyone.
He then asked me why I wanted to steal the laptops. I said that I wouldn’t want a laptop that old, I just wanted to see if I could pick the locks. ‘David’ politely asked me to cease my games so I did. The point of this story is that if you suspend access then you are vulnerable to both random idiots at shows and to DDOS type attacks. Again we bring this up because Vanma locks have no keypad or way of opening the locks without a very specific and unique key.
Then there is the sniffing of keys. The key fob has to transmit the code to the lock and that can be sniffed, right? Since the Bluetooth key doesn’t use that to open the lock, how it that code transmitted? Via IR, the center of the key fob and the lock has an IR window that mate cleanly when the key is inserted. Since the lock has a recessed area for the key, good lock sniffing IR from this setup. While it is technically possible, putting a shim in there is… tricky to the point of absurdity, the prongs of the key would not turn if the shim had any thickness. Another flaw avoided and this was one of the bits I found neatest, who would think about IR transmission on a modern lock?
That brings us to the software side. Vanma has a console for management and logging as you would expect. While we didn’t evaluate this, it looks pretty straight forward. You can assign a key to multiple locks, multiple keys to a lock, and mix and match as desired. Bob needs access to even numbered cabinets and Sue to odd numbers? No problem. Fibonacci sequences for some employees and prime numbers to others? Sure. You can even make them authenticate to a phone or fingerprint for two factor-ish security.
The keys log and report what was opened, when it was opened, where it was opened, and most interestingly when it was closed. Or if it was closed. Excuses like, “I really locked it before I left” just went out the window. There are tons of other features, basically what you would expect and more from an enterprise logging system, if you really care there is more here. As we said we were not able to play with this console but given the list of clients, it does appear to scale and work as promised.
Then there are key management stations that run from smaller 10 key fob docks to full size stand up cabinets. They obviously charge the keys, program them, pull logs, and upload the data to the centralized console or server. Nothing special here, just that it exists so you don’t have to recreate the plumbing yourself. You can also simply charge the fobs via USB.
The last bit is the cost, and that is a bit variable. SemiAccurate only asked Vanma about the costs of the locks and keys, not the docks and console software. The locks were said to be in the $60-70 range and key fobs run $70-80, both depending on options. Big padlocks or thick chain locks obviously cost more than a cylinder. As is always the case, volume matters too but that is way out of the scope of this article.
In the end, Vanma came up with something SemiAccurate hadn’t seen before, electronic locks without obvious flaws. They avoided power issues, sniffing issues, and idiotic user issues. Actually they just catch the last one, avoiding it or better yet preventing idiocy is a much harder issue. That said if you have a lot of locks in your company, Vanma seems like a very interesting solution.S|A
