Failed Firmware Update Takes Down 500 LockState Smart Locks

Smart lock vendor LockState accidentally bricks its own locks through a failed automatic firmware update. More than 500 customers using model 6000i RemoteLocks were impacted.

 •

LockState customers were in for a surprise after an automatic update failed and bricked their smart locks last week. The company told Threatpost that more than 500 customers using model 6000i RemoteLocks were impacted.

The issue stems from an over-the-air firmware update to its 6000i systems meant for its 7000i model locks. The update caused first-generation models of the 6000i locks to malfunction, rendering them unable to be locked and no longer able to receive over-the-air updates.

“We realize the impact that this issue may have on you and your business and we are deeply sorry. Every employee and resource at LockState is focused on resolving this for you as quickly as possible,” CEO of LockState Nolan Mondrow told customers in an email. “After a software update was sent to your lock, it failed to reconnect to our web service making a remote fix impossible.”

In total, about 11 of the company’s keyless lock systems in use today are affected. The smart lock allows users to manage doors remotely, monitor usage of the door and receive alerts when the assigned codes are used.

In a statement to The Verge, the company said a “small subset” of customers' locks were unable to communicate with Lockstate's servers. “We immediately contacted each and every customer that was affected and we are working to get all affected locks back online. We have already fixed the problem for many of these customers but for some we need to get their locks back for a reset, and then ship it back out to them,” added LockState.

So the problem isn't totally solved unless users actually ship their lock back to Lockstate for repairs. 

This situation could have been especially detrimental to businesses and rentees. LockState is part of the Airbnb Host Assist Program, meaning the company’s locks are recommended solutions for Airbnb hosts. About 200 Airbnb customers were impacted, according to LockState.

The company has offered customers two options:

  • Option 1: The back portion of the lock will need to be returned to LockState so that the software on the lock can be updated. Total time to fix and return: 5-7 days.
  • Option 2: LockState can ship a replacement interior lock for you to replace. You can then send the faulty lock back to Lockstate. Total lead time: 14 – 18 days.

The event goes to show that it doesn’t take a virus or hacker to dumb down your smart device. Even more importantly, CE pros need to be talking about cybersecurity for older, unsupported IoT devices.