Stories
Slash Boxes
Comments

SoylentNews is people

Hundreds of Internet-Connected Smart Locks Bricked by Manufacturer

posted by Fnord666 on Sunday August 13 2017, @02:56AM   Printer-friendly
from the when-bad-ideas-go-wrong dept.

tonyPick writes:

According to The Register a firmware update mistake has managed to brick hundreds of internet-connected door locks:

The upshot is you can't use the builtin keypad on the devices to unlock the door. Lockstate's smart locks are popular among Airbnb hosts as it allows them to give guests an entry code to get into properties without having to share physical keys. Lockstate is even a partner with Airbnb.

Earlier this week, though, new software was automatically sent out to folks' $469 Lockstate 6000i locks – one of the upstart's top residential smart locks – which left the keypad entirely useless. The crashed locks – which connect to your home Wi-Fi for remote control and monitoring as well as firmware updates – are now going to be out of action for at least a week.

[...] The physical key on the lock should still work, but that's going to be cold comfort for a lot of Airbnb users, who prefer to keep the physical keys to themselves and set an access code for each lodger that stops by.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Hundreds of Internet-Connected Smart Locks Bricked by Manufacturer | Log In/Create an Account | Top | 28 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Interesting) by kaszz on Sunday August 13 2017, @03:36AM (3 children)

    by kaszz (4211) on Sunday August 13 2017, @03:36AM (#553088) Journal

    In other words Lockstate and the buyer owns it..

    The question then becomes if it's more secure to let Lockstate do the automatic update thing and risk their incompetence. Or to block them from doing anything by ripping out the phone-home connection. But instead risking a lock that can be thwarted by some security leap you missed ?

    Another approach is to flash it with your own firmware..
    At 2:09 [youtube.com] the interior design of the lock should be obvious. The square SMD chip (QFP-64?) in the upper left corner is likely the MCU. Find the JTAG points, flash it. Another approach is to make a replacement board that uses the connector to the right. That way you can do the lock thing correctly.
    Overview of both sides [youtube.com]. In particular outside only have keypad, and the inside have keypad+battery box.

    As the lock lacks any wired connection to anything. I'll assume it phones home via 802.11 and DHCP. Or does it use Bluetooth, or GSM/3G ?

    Starting Score:    1  point
    Moderation   +2  
       Interesting=2, Total=2
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4  

  • (Score: 0) by Anonymous Coward on Sunday August 13 2017, @03:42AM (2 children)

    by Anonymous Coward on Sunday August 13 2017, @03:42AM (#553091)

    If it were the case that Lockstate AND the buyer (the intersection) owns it, then they'd both have to agree on how it's controlled.

    What you are describing is Lockstate OR the buyer (the union) owns it.

    This distinction is not splitting hairs; the lack of appreciation for this distinction is the root of all disputes.

    • (Score: 2) by kaszz on Sunday August 13 2017, @03:48AM (1 child)

      by kaszz (4211) on Sunday August 13 2017, @03:48AM (#553094) Journal

      AND - because both can tell the unit to contradict the order from the other "user".

      So the user should verify code and lock the manufacturer out of the product.

      • (Score: 0) by Anonymous Coward on Sunday August 13 2017, @03:50AM

        by Anonymous Coward on Sunday August 13 2017, @03:50AM (#553095)

        Now, we're back to what the Bitcoiners say. (XOR).