It isn't a man-in-the-middle attack, because nothing is being altered, crypto doesn't mean shit.
I'd call it a man-in-the-mirror attack ;-) The receiver/sender can't tell the difference.
Automatic unlock is a huge vulnerability.
I would not trust a company that doesn't bother to even mention these issues, even if they've defeated them, which I highly, highly doubt. This product plays on the convenience factor, and does not really address anything technical. Cute, but no thanks. I'd rather have a safe house than a hipsterly cute one.
Physical locks aren't unbreakable. A deadbolt does not make your house a fortress.
I am all for good data security here, but if someone has targeted you to the point of following you around to clone your phone's interaction with your front door, I am pretty sure the glass windows provide a far easier target. Most of them can be just lifted out of their frame.
Yes, it could be breakable. No, it is no less secure than an existing deadbolt. Threat model matters.
In order to arbitrarily generate a correct unlock signal, you would need to know the phone's key so as to encrypt and sign an unlock message containing the correct date. You can't do that unless you've broken the crypto.
Are you talking about moving the radio signal between the victim and the door live while he's out and about? That's clever, but the attack could be easily precluded by requiring his approval (on the phone) before sending an unlock message. Which he won't give unless he's at his front door.
I see the product includes Automatic Unlock as a feature, but as long as it's optional I see no problem. Unless your threat model includes Ocean's 11-style thieves and government agents, that's pretty freaking unlikely; anyone that sophisticated would probably have an easier time picking your $25 deadbolt, social engineering the landlord, breaking a window, etc. anyway.
If your threat model does include these things, what are you doing buying consumer security hardware anyway?
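The checks discussed in this thread, as an added example that is not from any commenter or from the product: a lock verifying a signed, dated unlock message, showing which cases the signature and date reject and where an approval requirement changes the outcome. HMAC-SHA256 stands in for the "encrypt and sign" step, and the message layout, the 5-second window and the `approved` field are assumptions.

```python
import hashlib
import hmac
import json

MAX_SKEW_SECONDS = 5  # assumed freshness window for the signed date


def make_unlock(key: bytes, now: float, approved: bool) -> bytes:
    """Phone side: sign an unlock message carrying the current time."""
    body = json.dumps({"cmd": "unlock", "ts": now, "approved": approved},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class Lock:
    def __init__(self, key: bytes, require_approval: bool):
        self.key = key
        self.require_approval = require_approval
        self.seen = set()  # tags already accepted (replay cache)

    def verify(self, message: bytes, now: float) -> str:
        body, _, tag = message.rpartition(b".")
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad signature"
        fields = json.loads(body)
        if abs(now - fields["ts"]) > MAX_SKEW_SECONDS:
            return "reject: stale date"
        if tag in self.seen:
            return "reject: replay"
        # A valid, fresh message says nothing about where the phone is;
        # only the owner's explicit approval ties it to intent.
        if self.require_approval and not fields["approved"]:
            return "reject: no user approval"
        self.seen.add(tag)
        return "unlock"


def demo() -> dict:
    key, t0 = b"constructed-demo-key", 1_700_000_000.0  # constructed values
    auto, gated = Lock(key, False), Lock(key, True)
    live = make_unlock(key, t0, approved=False)  # automatic unlock, no tap
    return {
        "forged": auto.verify(make_unlock(b"wrong-key", t0, False), t0),
        "relayed_live": auto.verify(live, t0 + 1),
        "replayed_later": auto.verify(live, t0 + 3600),
        "relayed_gated": gated.verify(live, t0 + 1),
        "approved_gated": gated.verify(make_unlock(key, t0, True), t0 + 1),
    }
```

The `relayed_live` case is accepted because the message is genuine and fresh, which is why the signature and date alone do not settle the automatic-unlock question argued above.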