Firmware update blunder bricks hundreds of home 'smart' locks

Automatic over-the-air upgrade will knacker front-door gear for at least five days


Hardware biz Lockstate has managed to brick hundreds of internet-connected so-called smart locks on people's front doors with a bad firmware update.

The upshot is you can't use the builtin keypad on the devices to unlock the door. Lockstate's smart locks are popular among Airbnb hosts as it allows them to give guests an entry code to get into properties without having to share physical keys. Lockstate is even a partner with Airbnb.

Earlier this week, though, new software was automatically sent out to folks' $469 Lockstate 6000i locks – one of the upstart's top residential smart locks – which left the keypad entirely useless. The crashed locks – which connect to your home Wi-Fi for remote control and monitoring as well as firmware updates – are now going to be out of action for at least a week.

"Your lock is among a small subset of locks that had a fatal error rendering it inoperable," the locksmiths said in an email sent to affected customers. "After a software update was sent to your lock, it failed to reconnect to our web service making a remote fix impossible."

Owners have two choices. They can either remove the back panel of the lock and send it in to the manufacturer so the software can be manually updated, which will take between five and seven working days. Alternatively they can ask for a replacement, which will take 14-18 days to ship, and then send back the junked lock.

Lockstate will cover all shipping costs for the locks and affected customers will also get one year of free Lockstate Connect, which is a subscription-based service that allows full remote control of all compatible smart home devices.

The physical key on the lock should still work, but that's going to be cold comfort for a lot of Airbnb users, who prefer to keep the physical keys to themselves and set an access code for each lodger that stops by.

In a statement to El Reg on Friday, Lockstate said firmware for its more advanced 7i model had mistakenly been sent to some 6000i customers. All the affected owners, understood to be at least 500 folks, have been contacted, we're told. ®

Similar topics


Other stories you might like

  • AMD refreshes Ryzen Embedded line with R2000 series
    The target? Thin clients and industrial devices – with new SoC family running up to 4 independent displays

    Embedded World AMD is bringing to market a new generation of Ryzen chips for embedded apps promising more CPU cores, enhanced built-in graphics and expanded I/O connectivity to drive kit such as IoT devices and thin clients.

    Crucially, AMD plans to make the R2000 Series available for up to 10 years, providing OEM customers with a long-lifecycle support roadmap. This is an important aspect for components in embedded systems, which may be operating in situ for longer periods than the typical three to five-year lifecycle of corporate laptops and servers.

    The Ryzen Embedded R2000 Series is AMD's second-generation of mid-range system-on-chip (SoC) processors that combine CPU cores plus Radeon graphics, and target a range of embedded systems such as industrial and robotic hardware, machine vision, IoT and thin client devices. The first, R1000, came out in 2019.

    Continue reading
  • What if ransomware evolved to hit IoT in the enterprise?
    Proof-of-concept lab work demos potential future threat

    Forescout researchers have demonstrated how ransomware could spread through an enterprise from vulnerable Internet-of-Things gear.

    The security firm's Vedere Labs team said it developed a proof-of-concept strain of this type of next-generation malware, which they called R4IoT. After gaining initial access via IoT devices, the malware moves laterally through the IT network, deploying ransomware and cryptocurrency miners while also exfiltrating data, before taking advantage of operational technology (OT) systems to potentially physically disrupt critical business operations, such as pipelines or manufacturing equipment.

    In other words: a complete albeit theoretical corporate nightmare.

    Continue reading
  • DeadBolt ransomware takes another shot at QNAP storage
    Keep boxes updated and protected to avoid a NAS-ty shock

    QNAP is warning users about another wave of DeadBolt ransomware attacks against its network-attached storage (NAS) devices – and urged customers to update their devices' QTS or QuTS hero operating systems to the latest versions.

    The latest outbreak – detailed in a Friday advisory – is at least the fourth campaign by the DeadBolt gang against the vendor's users this year. According to QNAP officials, this particular run is encrypting files on NAS devices running outdated versions of Linux-based QTS 4.x, which presumably have some sort of exploitable weakness.

    The previous attacks occurred in January, March, and May.

    Continue reading

Biting the hand that feeds IT © 1998–2022