At Latch, we take the implications of smart access incredibly seriously—and we’re proud to help you make your space more secure. Here’s how we’ve designed hardware and software products that protect residents’ most valuable data.
Since our beginning, we’ve taken a proactive and thorough approach to our product development. We approach security from every angle: testing our hardware and software against potential threat models and frameworks so that we can get ahead of potential risks.
Our offline-first design approach means that devices do not require internet connections to unlock in the event of a network or cloud outage. Beyond that, operating independently from the internet provides an extra layer of security against malicious actors.
Testing and monitoring
In addition to running internal static, unit, and integration tests, we partner with third-party firms to run periodic penetration tests, and validate our product architecture and design. We also use a variety of security monitoring tools to detect risks in real-time and test new features and products in real-world scenarios.
Latch devices are designed to get better everyday. Because all our products can be updated wirelessly, we’re able to roll out the latest security features and fixes quickly and easily.
Bluetooth unlock security
We’ve built cryptographic certifications and bi-diectional signing into our products to put security at the heart of our Bluetooth unlock experience. When you first sign in to a new personal device, and periodically after that, the Latch Cloud authenticates you and determines which Latch devices you are authorized to unlock. Once authenticated, Latch Cloud supplies a signed unlock assertion to the Latch App. When an unlock is initiated, the Latch App sends the signed assertion to the Latch device. This verifies the signature of the unlock assertion and requests a second signature from the Latch App, ensuring that it is communicating with the app. If the signed message matches the signatures expected, the Latch device unlocks.
iOS Latch Widget
The iOS Latch Widget is a faster way to unlock your door. Using the widget, you can unlock your door from the home screen of your iOS device without having to launch the Latch App. To ensure that someone can’t unlock your doors if they have your phone, the iOS Latch Widget requires that the phone have been authenticated within the last 10 minutes. Depending on the personal device, authentication is often achieved through entering a passcode, pattern, fingerprint, or facial scan.
Your Latch Account login credentials are made up of your email as well as a password. To ensure the strength of your password, we require it to be at least eight characters, not feature any characters more than twice consecutively, and be different than your email. We also reject passwords that are on a list of unsafe passwords.
All of your Latch device data is encrypted before it is transported to the Latch Cloud using the Advanced Encryption Standard (AES) in Cipher Block Chaining (CBC) mode using a shared key derived via the Elliptic-curve Diffie-Hellman (ECDH) algorithm. Once in Latch Cloud, all data, such as access permissions, access logs, access photos, and personal contact information, is encrypted at rest using AWS KMS with at least 128-bit AES encryption.
Data sent to Latch devices from Latch Cloud is authenticated and protected against tampering during transport using cryptographic signatures. Access user lists and credentials sent to Latch devices, such as Doorcodes, are encrypted during transport, while the data in the Latch App is secured using platform-specific best practices such as iOS Keychain and Android Keystore. Latch App, Latch Manager, Latch Cloud and internet-connected Latch devices communicate with each other via TLS 1.2 or TLS 1.3.
When a Latch device takes a photograph, the image is encrypted and written using AES in CBC mode for secure storage.
We make use of both private cloud resources and public cloud services. We monitor traffic to and from our products for anomalies and intrusions using a number of technologies such as firewalls, IDS/IPS systems, web application firewalls, and cloud configuration monitoring systems. Our infrastructure runs on systems that are fault tolerant, preventing against failures of individual servers or even entire data centers. The Latch database is multi-tenant, and tenants are segregated via application controls. Security and permission policies exist at the device, property, and portfolio level.
We’ve designed our products to withstand extreme environmental and emergency situations.
Exterior operating temperature : -30°C to 70°C, Camera: 0°C to 60°CInterior operating temperature: -20°C to 54°C Operating humidity: 0–95% relative humidity, non-condensing
Latch M and C series devices are designed with a physical, industry-standard Schlage Type C keyway lock cylinder and key, and can be recylindered like any traditional lock. They are built to comply with ANSI Grade 1, the industry’s highest quality and durability standard for commercial security.
In multi-dwelling buildings, doors play an important role in preventing the spread of fire. The Latch M and C series devices have been designed to comply with the industry’s most rigorous fire code regulations, maintaining the integrity of the door in case of emergency. Latch M and C series devices are UL 10C (90 min) rated for use on fire resistant door assemblies in the United States; Latch C is also ULC S104 rated for use in fire resistant door assemblies in Canada.
Latch M and C Series devices meet TAS 201-94, 202-94, 203-94 for use in High Velocity Hurricane Zones.
Keycard and Near Field Communication
Latch devices and Keycards utilize the MiFare Classic NFC standard at 13.56 Mhz.
Access history and photos
A Doorcode is a randomly generated numeric code that enables users to unlock Latch devices using their numeric keypads. Doorcodes are a minimum of seven-digits offering 10 million combinations and are not customizable to avoid guessing.
To avoid brute-force attacks, Latch devices enter a Rate-Limiting Mode when they detect consecutive incorrect NFC/Keycard or Doorcode authentication attempts. Once the device is in Rate-Limiting Mode, it ignores all Doorcode and NFC authentication attempts; and the camera is turned off to conserve battery. After five minutes, the device will allow three more attempts to authenticate before returning to Rate-Limiting Mode. Bluetooth brute-force attacks are mitigated by the cryptographic security surrounding Latch’s Bluetooth technology. See ‘Bluetooth unlock security’ for more information on Bluetooth cryptographic security.
Latch devices incorporate hardware elements for the secure storage of cryptographic secrets. The use of a secure element protects cryptographic secrets from exposure by storing them in a manner which does not allow direct access via the system processor(s) or by direct memory access. Additionally, the secure element provides hardware measures to prevent unauthorized tampering or changing of cryptographic secrets and provides barriers to physical extraction attacks.
All security operations and functions are performed in-house by our security team, which includes 24/7 environment monitoring and response, adversarial assessments, and engineering. Our internal team is also bolstered by external, independent penetration testing; device assessments, and third-party audits. Multi-factor-authentication is also enforced for all teams and tools where available.
If you have questions or concerns about security at Latch, please feel free to contact our Security Team at firstname.lastname@example.org. For all other inquiries please contact our Support Team at email@example.com.
Vulnerability Reports and Disclosures
To report a security or privacy issue affecting Latch or Latch products, please visit the Latch bug bounty program and disclosure portal.