LockState accidentally bricks hundreds of locks through a failed firmware update

By Cal Jeffrey ยท 9 replies
Aug 15, 2017
Post New Reply
  1. The Internet of Things (IoT) has been growing at a rapid rate. It seems that every day there is a new connected product that is designed to make our lives easier. Some have connections that are obvious; smart speakers and televisions are good examples. Other products are connected in an unobtrusive way and simply download updates without you even knowing.

    LockState’s RemoteLock LS-6i is just such a device. The LS-6i is a lock designed to be used on home or business doors. It is very popular for Airbnb businesses because the knob has a programmable keypad, which is excellent for generating guest codes. The lock is equipped with wifi, which allows for remote control, as well as for keeping the firmware updated quietly in the background.

    Last week owners of the 6i began finding themselves locked out of their residences and businesses. Customers started flooding Twitter with complaints.

    LockState CEO Nolan Mondrow sent out an email to impacted customers explaining that the lock failures were due to a “fatal error” caused by a bad firmware update. Worse yet, the error prevented the components from connecting to the company’s servers. Therefore, remotely fixing the software was impossible.

    “We realize the impact that this issue may have on you and your business, and we are deeply sorry,” Mondrow apologized. “Every employee and resource at LockState are focused on resolving this for you as quickly as possible. We hope that you will give us a chance to regain your trust.”

    At least 500 LS-6i customers had been affected including as many as 200 Airbnb businesses. According to Kaspersky-run blog Threatpost, the update also bricked 10 other LockState products. Most of the customers voicing complaints on Twitter are unimpressed at the time it is taking for the company to handle the situation.

    To fix the problem, bricked devices have to be sent back to LockState for a manual reset, which takes five to seven days. Customers may also opt to receive a replacement lock and send back the faulty unit. Inexplicably this process takes much longer – two to three weeks. The company claims that it has fixed 60 percent of the failed devices. At that rate, it looks like the remainder of the locks should be taken care of by the end of this week.

    In addition to paying all shipping costs, the firm is including one year of its premium LockState Connect Portal free to impacted customers.

    Permalink to story.

  2. Uncle Al

    Uncle Al TS Evangelist Posts: 3,948   +2,432

    Some stories are just too funny to comment on ......
    wiyosaya and Cal Jeffrey like this.
  3. poohbear

    poohbear TS Addict Posts: 193   +95

    Wow. Ud think theyd test firmware updates in house on dozens of their locks before making it public. Quality assurance is so important and yet so many companies neglect it in this day & age cause they think they can release a quick patch or firmware update.
    Cal Jeffrey and Tanstar like this.
  4. Vaneheart

    Vaneheart TS Rookie

    Heh, this is more common than one might think. Back in 2002, we had a newb try to push out, en-masse, a bunch of firmware updates to all the HP network printer NICs on the network. This was a very large organization, on a rather old-*** network for its time, and there were a ton of old network printers. About twenty percent of them bricked, only about fifty percent actually took the update, and the remainder didn't take the update at all. The network took a big performance hit while this update pushed out. The bricked NICs had to be sent back to HP to be replaced (some were too old, and we had to get creative), and we had to do a lot of printer shuffling. Some of these offices and organizations couldn't function without their printers. It was quite a bit of angry phone calls and chaos.

    Good times.
  5. Humza

    Humza TS Addict Posts: 115   +79

    LockState took its name too literally eh?
    Tanstar and Reehahs like this.
  6. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 10,183   +4,117

    This is why automatic updates are not "the thing to have".
    Vrmithrax, wiyosaya and Reehahs like this.
  7. Cal Jeffrey

    Cal Jeffrey TS Guru Topic Starter Posts: 966   +234

    I read today that the firmware update was intended for 7000i locks, not the 6000i. They pushed the wrong firmware.
    wiyosaya likes this.
  8. Scshadow

    Scshadow TS Evangelist Posts: 532   +165

    As things become more advanced, there are more things that can go wrong. My company is deploying a new type of router (I'm not stating the vendor) and well, we obviously can't support the most recent firmware so every unit gets downgraded as part of activation. Well today, I ran into a unit that has firmware shipped from factory that couldn't be activated and downgraded because that firmware caused the device to be unable to set a static IP. Just how the **** do you ship out a router that can't set static ips. More then ever, we live in a world where we need to double and triple check our work and companies are pushing things out so fast that no one can QC their own work. I feel sorry for the scapegoat that gets blamed for this failure when its the higher ups that don't ensure QC is a priority.
    cliffordcooley likes this.
  9. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 10,183   +4,117

  10. captaincranky

    captaincranky TechSpot Addict Posts: 13,585   +3,060

    Although, you have to admit, this, (however unintentionally), makes Windows 10's automatic updates look good by comparison. :eek:

    Some things like internet locks are just too damned hip, and the people who own them, (IMO), deserve what they get.

    What I'd really like to see, is a pair of hipsters come home to a dead lock, then climb in a window, only to find their 20 bucks a pop internet connected light bulbs are bricked too.
    Last edited: Aug 17, 2017
    cliffordcooley likes this.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...