Hundreds of smart locks scuppered by flawed update

Hundreds of smart locks scuppered by flawed update

Hundreds of smart locks left bricked after flawed update
(Photo: Lockstate)

Hundreds of smart locks from supplier Lockstate were left unusable, or ‘bricked’, after a flawed wireless update was issued by the company.

As customers flocked to the internet to complain about the issue, the company’s CEO Nolan Mondrow confirmed the “unfortunate” news via an email, also posted on the company’s website. 

The issue affected the company’s 6000i smart locks. According to Threatpost, this happened because the company sent an update designed for the 7000i to these models by mistake, rendering them useless.

User frustration

Users have been frustrated by the fact that there’s no remote fix available, meaning they’ve spent money on a device they can no longer use. Instead, they must return their lock for repair or request a replacement from the company. Repairs will take five to seven days, while replacements could take up to 18 days. Mondrow said that the company was “deeply sorry” for the impact this might have.

Neither option is ideal, although customers don’t have much choice here. As a goodwill gesture, LockState is footing the bill for the shipping of locks and will also provide affected customers with a year of free service for the LockState Connect portal.

In addition, the issue has had a knock-on effect on LockState’s Airbnb Host Assist marketing partnership. Roughly 200 Airbnb customers were impacted by the update, claims Threatpost.

Read more: Cyber amateurs protect smart home from real-time invasion

Dodgy updates

Ken Munro, partner at ethical hacking company Pen Test Partners, told Internet of Business that auto updates aren’t ideal because users aren’t directly involved in them.

“Auto updates mean that the user has no involvement and that has led to some consumers complaining that vendors have no autocratic right to update without their say-so,” he said.

“But, with no auto update, some users won’t bother updating, meaning there will always be a stack of vulnerable devices just waiting to be exploited.”

He added: “The solution might be somewhere between the approach of Apple and Microsoft: proactive alerting but with the ability to postpone updates to a convenient time.

This gives users more flexibility as to when to update and it may allow bricking issues to be spotted before everyone gets bricked.”

Read more: Locked out – Garadget owner blocks IoT app user following negative review