This : https://everykey.com/#tech-specs

It seems cool and interesting.

Guessing it works by the software on the device ( the phone, computer or other thing being locked ) implementing some kind of access-control / FDE, which is then unlocked by some kind of certificate on the lock, with communication occurring over wireless.

Then if the everykey ( the "lock" ), is lost, it can be neutered remotely.

I'm thinking of a few things in terms of vulnerabilities, because I'd like to know just how good this system ( the lock and its protocol and associated software ), could be, as the convenience and the idea of it certainly seems cool, and it works to assess it. In terms of vulnerabilities, it seems like:

- the bricking protocol, could be vulnerable to attackers disabling the lock, or disabling the device remotely. Likely that protocol is secured by a password.

- the lock's communication channel could be interfered with, man in the middle on wifi.

- the lock could be impersonated or cloned.

- the protocol could be impersonated, as in a "confused deputy" scenario, tricking the system into performing the authenticated actions of locking and unlocking.

- the lock's signal could somehow be used to uniquely identify or track.

- the existence of the lock could be read as a signal of potentially valuable target.

Just a quick list. It would likely be interesting to know what HN thinks of this lock.