Architecture press: How safe are door release apps?
Siedle expert talk
Opening the house door with your smartphone is becoming increasingly common today. This is made possible by IP-based door communication and apps. But what does this technological change mean for security? And how can sensitive data be protected? Clemens Czibulinski, Head of Software Development at Siedle, speaks about continuous updates, server locations, cryptographically protected data exchange, and why a smartphone is more secure than a traditional key.
What difference does IP technology make in door communication?
Clemens Czibulinski: IP-based door communication is fundamentally different to a proprietary system like a bus. The software requires continuous maintenance and development. This is also relevant from a security perspective. At Siedle, for example, we collaborate with Teamfon, a leading provider of IP-based telephone systems. Our partner has a deep knowledge of Apple and Android operating systems, and is in constant contact with providers.
What is the best way of ensuring security for a door release app?
Czibulinski: In the digital world, security never stands still. There is no seal of quality that ensures the security of a piece of software, as the situation can change very quickly. That is why our strategy is to ensure security through continuous software updates. A lean software architecture of the kind provided by the new Siedle app for all our systems helps here. The app focuses on the major functions, which is decisive for user experience. It also accelerates testing and development processes. This means users get updates and patches faster than ever.
Security updates are one thing, ensuring security in data transfer is completely different. How do you achieve this?
Czibulinski: Data encryption is a vital factor. Our new app uses cryptographically secured data transfer with our server. This makes sure that the app only connects to the server. No one can get in between. We offer certificate pinning, also known as transport layer security, the highest encryption standard. Security-relevant data is encrypted end-to-end. This applies not only to the door release, but also to the images from the intercom system’s video camera.
What role does the server play as a data storage location?
Czibulinski: The server plays a central role. The best way to describe this is with the example of our server operated by our partner Teamfon in Munich. Having the server based in Germany is very important for data security. If it were located in the USA, for example, the authorities there could force us to surrender the data, as the legal situation there is different. We don’t have to worry about this, as our server and the entire IP communication is subject exclusively to German and European law. The server also creates a physically separated area with its own firewall and IP ranges. Teamfon is certified to the ISO standard 27001 for IT security. This certification consists of a technical and an organisational part. The auditors check the technical side, such as data encryption that prevents even our partner’s employees from accessing it. The organisational measures govern who can access and process the data.
The door release app is the present. How will IP change door communication in the future?
Czibulinski: Smart personal assistants in the home are a hot topic right now. I’m always asked about how these can be linked with door communication. My view is always safety first. At the end of the day, we are talking about the entrance to someone’s home. Imagine if you had your window tipped and someone were to shout inside: “Smart device, open the door”, and the door opens. That would be disastrous.
Keyless entry will play an important role in future door communication. No one knows whether there will still be apps in ten years’ time. But the smart phone will act as the digital key in our pocket. Many people are worried that this could present a security risk. But if I lose my house key, anyone can use it. If I lose my smart phone, it is generally protected by a PIN. And I can also disable the digital key remotely to prevent anyone from getting in. The smartphone certainly feels less secure than a mechanical key, but in fact the opposite is true.