smart-lock-firmware-hacking
More features, more problems!

Today, we are living in a digital age that is creating a digital headache for people by connecting every other unnecessary home appliance to the Internet.

Last week, nearly hundreds of Internet-connected locks became inoperable after a faulty software update hit some models.

Users of remotely accessible smart locks made by Colorado-based company LockState have taken to social media platforms including Twitter to complain that their $469 Lockstate 6000i locks started to fail from last Monday, leaving the keypad entirely useless.
Cybersecurity

LockState's RemoteLock 6i (6000i) is an Internet-connected smart lock that connects to your home Wi-Fi network for remote control and monitoring as well as firmware updates.

LockState is even a partner with Airbnb, allowing Airbnb hosts' to give their guests entry code in order to get into hotel properties without having to share physical keys.

However, last week many Airbnb customers were unable to use the built-in keypad on the smart lock devices to unlock the doors.

According to the company, the issue occurred after its Wi-Fi enabled smart lock product range received a faulty over-the-air firmware update last week, which caused a "fatal error" in the locks, making them inoperable.

The error occurred because the firmware update was actually intended for 7000i model smart locks, but was instead mistakenly sent to 6000i products.

What's worse? The smart locks now become unable to reconnect to the company's web servers, making a remote fix "impossible."
Cybersecurity

"Your lock is among a small subset of locks that had a fatal error rendering it inoperable," LockState CEO Nolan Mondrow said in an email sent to affected customers. "After a software update was sent to your lock, it failed to reconnect to our web service making a remote fix impossible."

So eventually, the affected consumers, which the company believes to be about 500 locks, have been left with just two options:

  1. Users can either remove the back flap of the lock and send it to the manufacturer so it can manually update the software, which will take 5-7 working days.
  2. Alternatively, users can ask for a replacement lock, which will take 14-18 days to ship, and then send the faulty model back.

The company assured its affected customers that it to cover all shipping costs for the locks and will also provide one year of free service for the LockState Connect Portal, which is a subscription-based service which allows full remote control of all compatible smart home devices.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.