Securing Otto
Otto is designed to be the most secure residential lock on the market. Because Otto eliminates the weakest part of the lock, the key, your lock cannot be picked.

Otto also combines a number of digital security precautions to keep your home safe. First, Otto the company can never lock or unlock your door due to our use of elliptic curve public-key cryptography and our own two-factor key hierarchy. Each user generates her own public and secret key-pair that is associated with her account. The user’s key-pair is backed up securely in the Otto cloud and protected by her password and security questions. Each device that the user authenticates to operate Otto, e.g. Alice’s iPhone 7, generates its own key-pair that never leaves the device. It is the device’s key-pair that’s responsible for locking and unlocking Otto.
All communication over Bluetooth LE is secured by end-to-end 256-bit authenticated encryption. All communication between the Otto cloud and both the Otto App and the Otto Lock is secured using TLS 1.2 with an end-to-end 256-bit authenticated and encrypted cipher. The cryptographic algorithms we use have no known vulnerabilities.
We have also applied additional security techniques. Every time an interaction occurs between a user’s app and the lock, our protocols securely negotiate a new asymmetric key to provide Perfect Forward Secrecy (PFS). This protects past and future sessions. For example, when a user grants or revokes access to a place, the connection between the Otto App and the lock occurs over a secure session. Additionally, we use certificate pinning to ensure that all communication over the Internet is securely routed exclusively through the Otto cloud.
Most important, the owner of the lock always retains ultimate control. She can delete, remove, and change who is allowed and when they are allowed entry. Otto the company cannot change who has access or what type of access because all authorization messages are secured by the user’s secret key. In addition, the owner has a full record of who unlocked the door from the outside.
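The two-level key hierarchy and the user-signed authorization messages described above can be sketched as follows. This is an added illustration, not Otto's protocol or code: Ed25519 signatures, the JSON grant format, the challenge-response step and every name in it are assumptions.

```javascript
// Added illustration; Ed25519, the JSON grant format and all names are assumptions.
// Loads node:crypto under both CommonJS and ES modules.
const crypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');

const newKeyPair = () => crypto.generateKeyPairSync('ed25519');
const exportPub = (key) => key.export({ type: 'spki', format: 'der' }).toString('base64');
const importPub = (b64) =>
  crypto.createPublicKey({ key: Buffer.from(b64, 'base64'), type: 'spki', format: 'der' });

// Owner side: the user's secret key signs a grant naming one device public key.
function signGrant(userPrivateKey, devicePublicKey, notAfter) {
  const body = JSON.stringify({ device: exportPub(devicePublicKey), notAfter });
  return { body, sig: crypto.sign(null, Buffer.from(body), userPrivateKey) };
}

// Device side: the device key, which never leaves the device, signs the lock's challenge.
function signUnlock(devicePrivateKey, challenge) {
  return crypto.sign(null, challenge, devicePrivateKey);
}

// Lock side: trusts only the owner public key provisioned at setup.
class Lock {
  constructor(ownerPublicKey) { this.owner = ownerPublicKey; this.challenge = null; }
  newChallenge() { return (this.challenge = crypto.randomBytes(32)); }
  tryUnlock(grant, unlockSig, now = Date.now()) {
    const challenge = this.challenge;
    this.challenge = null;                        // single use, so a captured reply cannot be replayed
    if (!challenge) return false;
    // Verify the owner's signature before parsing anything inside the grant.
    if (!crypto.verify(null, Buffer.from(grant.body), this.owner, grant.sig)) return false;
    const { device, notAfter } = JSON.parse(grant.body);
    if (now > notAfter) return false;             // expired grant
    return crypto.verify(null, challenge, importPub(device), unlockSig);
  }
}

// Constructed scenario: a valid phone, a replayed reply, and a grant signed by a non-owner key.
function demo() {
  const user = newKeyPair(), phone = newKeyPair(), vendor = newKeyPair();
  const lock = new Lock(user.publicKey);
  const grant = signGrant(user.privateKey, phone.publicKey, Date.now() + 60_000);
  const sig = signUnlock(phone.privateKey, lock.newChallenge());
  const forged = signGrant(vendor.privateKey, vendor.publicKey, Date.now() + 60_000);
  return {
    authorized: lock.tryUnlock(grant, sig),
    replayed: lock.tryUnlock(grant, sig),
    vendorForged: lock.tryUnlock(forged, signUnlock(vendor.privateKey, lock.newChallenge())),
  };
}
```

Because the lock checks every grant against the owner's public key only, a party that relays or stores grants but does not hold the user's secret key cannot mint one the lock will accept.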
Finally, we have built-in automatic firmware updates over Wi-Fi to ensure your continued security.
The variety of security measures Otto employs — from the quality of deadbolt used to our cutting-edge cryptographic protocols — ensures peace of mind for you and for your family.
We’ll be releasing a security white paper on https://meetotto.com this fall.
