Smart locks, not so smart: Customers stranded after botched firmware update

Hundreds of smart locks bricked after a flawed LockState software update.
Written by Charlie Osborne, Contributing Writer

Consumers have taken to social media in their droves to complain about smart locks which became unresponsive following a flawed firmware update.

Over the past week, LockState customers have vented their frustration on platforms including Twitter to complain that their Internet of Things (IoT) smart locks, used to remotely control doors, begun to fail from last Monday.

The Colorado-based company at fault, LockState, touts its Wi-Fi enabled smart lock product range as a way to "monitor and control your door lock from anywhere." For many Airbnb hosts, for example, these kinds of projects can make running an Airbnb easier and more convenient than passing around traditional keys.

Sadly for the users of the RemoteLock 6i, used by many due to an Airbnb partnership, the update issue has caused chaos.

At least 200 Airbnb customers have been impacted.

In an email sent to customers last week, LockState CEO Nolan Mondrow said the software update has caused a "fatal error" in a subset of 6i locks, and the locks are now unable to reconnect to the firm's web servers, making a remote fix "impossible."

Customers took to Twitter to vent their frustration.


As a consequence, consumers have been left with two options, neither of them convenient.

Customers can either remove the back part of the lock and return it to LockState for a fix -- which will take between five and seven days -- or the company has offered to ship a replacement interior lock for affected customers, who are then asked to send the faulty model back.

This, however, will take between two and three weeks.

At least LockState has offered to pay for shipping costs and will provide a year of free service for the LockState Connect Portal -- should customers decide to return.

In the meantime, customers will need to use their emergency, traditional keys supplied with the lock to operate them.

The error occurred as the firmware update was intended for 7000i model locks, but was mistakenly sent to other products instead.

The faulty update has now been removed from LockState servers, and according to Ars, the company claims 85 percent of customer issues have been resolved.

"We realize the impact that this issue may have on you and your business and we are deeply sorry," Mondrow said. "Every employee and resource at LockState are focused on resolving this for you as quickly as possible. We hope that you will give us a chance to regain your trust."

Speaking to ThreatPost, LockState said that over 500 6i model customers have been affected, but roughly 11 of the firm's lock products in total have been bricked by the update.

This is not the first time an IoT device has caused security worries or serious inconvenience to the average consumer and businesses alike. Last year, search engine Shodan revealed the consequences of poor IoT security by revealing countless open home cameras and webcams which could be tapped into to spy on your private lives.

The most shocking of Shodan

Read more:

Editorial standards