On Slack someone asked who was using a smart lock, and if they had done a security assessment. A very good question!
Since I am a security expert by profession, I wanted to share my Slack response also on the forum, and invite you all to add your insights and experiences here.
If you want security from Skynet, go live in a bunker without internet. Everything can be hacked. Without Nuki my door could be opened with a crowbar or similar. Now that I have Nuki, that has not changed (actually, that is why I wanted Nuki, it keeps the physical lock/door/key and certifications completely unchanged).
But by adding Nuki, new attack vectors are introduced for burglars. Potentially one could physically access the Nuki on the inside (drilling, letterbox, breaking a window, …) and physically turn Nuki open.
From a cyber aspect one could hack the BLE signal locally, one could hack the Nuki bridge API, one could hack the Nuki cloud API, or use the web interface using the user credentials. And now that I have linked it to Homey, also by hacking Homey one could open the door.
On the plus side: With Nuki I get added security because the door goes into full 3-point lockdown at night or when no one is at home (kids and GF used to forget to lock the door when leaving…). And I am not worried anymore that someone is copying the physical key, or using it when the kids lost the key again.
In short my conclusion: any automated lock/unlock system will probably decrease the overall security when you have good physical key management (locking the door always when leaving, never leave keys out of sight, never lose a key or immediately replace all cylinders after losing one).
But in my family the ‘Human factor’ tipped the balance to getting a Nuki (plus I like to test this technology).
Full disclosure: My profession is being a security expert. But I have not done a very thorough assessment of Nuki, other than above considerations.