Should This Thing Be Smart? Bike Lock Edition.

If you have been looking for a bike lock that will give your mom a heart attack every time you come to a hard stop on a bumpy road, this is the one for you.

The Ellipse smart bike lock by Lattis.
The Ellipse smart bike lock by Lattis.
Lattis

In Should This Thing Be Smart?, Justin Peters examines a smart object and tries to determine whether there is any good reason for its existence—and how likely it is to be used for nefarious reasons. Previously on Should This Thing Be Smart?: the $60 smart fork, the $199 smart socks, the $80 coffee mug, the $99 button, the $99 toothbrush, the $99 dog collar, and the $1,199 mirror.

Product: Ellipse

Price: $199 on lattis.io, $128 on Amazon at time of publication

Function: The Ellipse is a “smart” bike lock. What makes it smart? You guessed it: good genes and study drugs. No, just kidding, the Ellipse is smart because it boasts a Bluetooth connection and a paired smartphone app. With them, you can unlock your bike without having to fumble for a key or remember a combination, and you can also remotely grant other people access to your locked bike. The lock will ping you if it senses someone tampering with your bike and will notify your emergency contacts if it senses that you may have been in a crash. If you have been looking for a bike lock that will give your mom a heart attack every time you come to a hard stop on a bumpy road, then the Ellipse smart bike lock might be the bike lock for you.

The case for the smart bike lock: The Ellipse smart bike lock is a very interesting bike lock! It exists in part to solve a logistical problem faced by people who choose to lend their bikes out to others. Let’s say that your friend wants to borrow your bike, which is currently secured to a bike rack with a U-lock. Well, since you’re a good friend, you’ll probably either 1) go unlock the bike for her, or 2) give her the key and implore her not to lose it. Now let’s say that 100 friends want to borrow your bike, all at different times—and let’s also say that, because you are a pushover, you say yes to all of them. (This is the downside to having 100 friends.) You’re screwed now! What are you going to do? Clear your schedule so that you can be on hand to unlock the bike for each rider? Make 100 different copies of the key and just assume that none will fall into the wrong hands? Change your name and flee the city to go start a new life in Guadalajara? There are no good answers here.

You see the problem. Standard bike locks don’t really work for people who want their bikes to be accessible by multiple riders. With Ellipse’s keyless entry system, you can grant access to whomever you like whenever you like by sending them a code that they can use to unlock the bike. That way, you can also ensure that they don’t come back later and borrow it without permission. Plus, the lock’s sturdy chromoly steel construction will keep the bike safe from run-of-the-mill thieves. Thanks, Ellipse!

Though the Ellipse is clearly designed for use by bike-share fleet managers, the company is more than happy to sell it directly to you, a person who either cannot or will not deign to remember a combination or fumble through pockets for a key. If you are this sort of person, you will be thrilled to learn that you can unlock the Ellipse by tapping your smartphone, and then, presto, off you go. The only way to unlock your nonsmart lock with your phone is to use the phone as a bludgeon, hammering away at the locking mechanism until either it or the phone gives way. Spoiler alert: Your phone will always be the thing that gives way. The Ellipse will save you a ton of money on replacement phones.

The Ellipse is both a lock and a watchdog. It will send you a “theft alert” if it senses that someone (ominous Halloween voice: or something … ) is tampering with your bike. At that point, you have several options. You can call the police. You can bound out of your house yelling and waving your arms in a bid to scare off the presumably skittish thief. You can choose to assume that the alert is a false alarm and go right on eating your sandwich. You can choose to (gritty Death Wish voice) take the law into your own hands. I really do not endorse that final option, but you do you.

The Ellipse is self-charging. A small solar panel transforms the sun’s healthful rays into battery power, and then stores the charge until you need it. No need to waste one of your precious power outlets on your bike lock, and there is certainly no need to plug a power strip into another power strip in order to create more outlet space. The Ellipse will reduce your risk of household electrical fires.

The case against the smart bike lock: There is ample evidence to suggest that the Ellipse actually sucks. In a July review, CNET criticized the lock’s abnormally short shackle, found that the vaunted tap-the-phone keyless entry system was rather inconvenient, and said that using it daily was “an incredibly frustrating experience.” Amateur reviewers have been even harsher. For more on this point, I will direct you to the product’s Amazon page, where reviewer after reviewer complains of Ellipse’s shoddy construction, poor design, and nonexistent customer service. Many online reviewers really seem to hate the Ellipse. “This item is complete garbage. Does not connect to the phone, no fall back unlock, no clear directions on how to press on the key,” wrote one Amazon reviewer. “This is probably the worst techno gizmo i’ve ever bought. It is unreservedly terrible,” wrote yet another. Multiple reviewers have mentioned a potential class-action lawsuit against Lattis, basically for overpromising and underdelivering, which is definitely not what you want from a lock. Multiple reviewers have complained that the Ellipse is not at all waterproof and that even a small amount of exposure to liquid will basically fry it, thus making the Ellipse the Wicked Witch of the West of locks. You know what doesn’t break when it comes into contact with water? Every other nonsmart lock in the world.

The theft alerts seem great in theory, but you will be unsurprised to learn that the feature seems to fall very short in practice. Reviewers write of limited Bluetooth range that inhibits the utility and complain of receiving false alarms set off by jostlers, passers-by, and other nonthieves. How many false alarms will it take for you to become inured to the alerts? The answer is one. After two false alarms, you will start thinking of the Ellipse as the lock that cried “thief” and will stop trusting its warnings.

Look, I suppose that this complaint is not specific to the Ellipse, but the one thing in my life that I don’t want to be smart is a lock. I am perfectly happy with all of the locks in my life being very, very dumb and thus unhackable from a distance. Does this mark me as a Luddite? A “square”? Go right ahead and laugh at me, you early adopters, but be forewarned: I reserve the right to laugh back at you on that inevitable day when your lock is held hostage by overseas hackers.

The Ellipse is really expensive. In 2008 I bought a used bike from a guy I found on Craigslist. I met him on the street outside my apartment at 7 one morning. He was driving a big work van filled with used bikes; he tossed one out of the van, I gave him $180, and he drove away. I still have the bike. Revisiting this story 10 years later, I now realize that the bike I bought may well have been stolen. Oh, well! I guess my point is that even if your bike gets stolen because you do not have a good lock, you can probably buy it back from a stranger in a van for less money than it would cost you to buy this smart bike lock.

The Ellipse is not actually shaped like an ellipse. It’s more of a parabola. What else does the Ellipse promise but not deliver, hmmm?

Security risk factor: The Ellipse website boasts of the lock’s “bank-level encryption,” which sounds pretty impressive, but which bank are we talking about here? Hopefully not one of those banks that routinely give up users’ personal information to hackers. Regardless, my main concern is that Lattis seems to have stopped communicating with its many unhappy customers. Trustworthy companies do not ghost on their customers as soon as they run their credit cards.

“First question: Why does one need a smart lock? Perhaps to avoid forgetting/losing physical keys,” wrote Ken Munro, founder and senior partner at the British penetration testing firm Pen Test Partners, in a recent email. “However, if the mobile app or related unlock mechanism isn’t secure, you’re actually making your bike LESS secure. Want examples? Go look at the Tapplock!” Munro is referring to an incident in June, when Pen Test Partners found serious flaws in a fingerprint-reading Bluetooth padlock called the Tapplock, which boasted of its “cut-resistant” shackle and its military-grade encryption standards. Pen Test Partners was able to cut the lock in 10 seconds with a bolt cutter, and to crack the lock’s vaunted encryption after 45 minutes of research and hacking. “Words like ‘bank grade security’ fill me with dread,” continued Munro. “This usually means that they’ve used a similar encryption algorithm for the mobile app comms to those found in financial services, having paid little attention to all the other attack surfaces for the lock!”

The most obvious attack surface for this lock, of course, is its steel shackle—and bike thieves have been successfully breaching nonsmart U-locks for years and years. “I’m less worried about clandestine compromise of a bike lock,” said James Loving, a security researcher affiliated with the Massachusetts Institute of Technology. “A pair of bolt cutters can get into these locks just as easily, so the real benefit of exploitation is being able to surreptitiously access what’s behind the lock. With a bike lock, the theft will be obvious either way, and access to the bike is possible either way, so there’s little point to exploiting the Ellipse lock beyond hacker cred.” Still, for those hackers out there who want some cred, the Ellipse seems ripe for the cracking.

Is the Ellipse more likely to be used to solve or commit a crime? Initially I was going to say “solve the crime-in-progress of bike theft,” but since the theft detection feature on the Ellipse does not actually seem to work all that well, I guess I’ll say that it’s most likely to be used to commit the crime of hurling an expensive and underwhelming bike lock in frustration through a neighbor’s window.

Should this thing be smart? This specific thing—the Ellipse, I mean—should not be smart. There is certainly a world in which a smart bike lock is a very good idea. But the Ellipse, by many accounts a flawed product, is not the smart bike lock that the world has been waiting for.