date 2012-08-17
from the when-bad-ideas-go-wrong dept.
According to The Register a firmware update mistake has managed to brick hundreds of internet-connected door locks:
The upshot is you can't use the builtin keypad on the devices to unlock the door. Lockstate's smart locks are popular among Airbnb hosts as it allows them to give guests an entry code to get into properties without having to share physical keys. Lockstate is even a partner with Airbnb.
Earlier this week, though, new software was automatically sent out to folks' $469 Lockstate 6000i locks – one of the upstart's top residential smart locks – which left the keypad entirely useless. The crashed locks – which connect to your home Wi-Fi for remote control and monitoring as well as firmware updates – are now going to be out of action for at least a week.
[...] The physical key on the lock should still work, but that's going to be cold comfort for a lot of Airbnb users, who prefer to keep the physical keys to themselves and set an access code for each lodger that stops by.
(Score: 0) by Anonymous Coward on Sunday August 13, @03:00AM (4 children)
"If you are not the sole holder of the private key, then you do not own the BTC."
The same applies here. You don't own the device if you're not the sole person who can control it.
(Score: 2) by kaszz on Sunday August 13, @03:36AM (3 children)
In other words, Lockstate and the buyer own it..
The question then becomes if it's more secure to let Lockstate do the automatic update thing and risk their incompetence. Or to block them from doing anything by ripping out the phone-home connection. But instead risking a lock that can be thwarted by some security leap you missed?
Another approach is to flash it with your own firmware..
At 2:09 [youtube.com] the interior design of the lock should be obvious. The square SMD chip (QFP-64?) in the upper left corner is likely the MCU. Find the JTAG points, flash it. Another approach is to make a replacement board that uses the connector to the right. That way you can do the lock thing correctly.
Overview of both sides [youtube.com]. In particular, the outside only has a keypad, and the inside has a keypad + battery box.
As the lock lacks any wired connection to anything, I'll assume it phones home via 802.11 and DHCP. Or does it use Bluetooth, or GSM/3G?
(Score: 0) by Anonymous Coward on Sunday August 13, @03:42AM (2 children)
If it were the case that Lockstate AND the buyer (the intersection) owns it, then they'd both have to agree on how it's controlled.
What you are describing is Lockstate OR the buyer (the union) owns it.
This distinction is not splitting hairs; the lack of appreciation for this distinction is the root of all disputes.
(Score: 2) by kaszz on Sunday August 13, @03:48AM (1 child)
AND - because both can tell the unit to contradict the order from the other "user".
So the user should verify code and lock the manufacturer out of the product.
(Score: 0) by Anonymous Coward on Sunday August 13, @03:50AM
Now, we're back to what the Bitcoiners say. (XOR).
(Score: 2) by black6host on Sunday August 13, @03:13AM (5 children)
If you need 5 9's of up-time then be prepared to pay for it. That doesn't excuse faulty updates but if you don't have an SLA then you haven't much recourse. A sub $500 lock with a guaranteed non-failure rate is most unlikely. Especially when you connect such things to the net. Foolish. Both in execution as well as expectations.
(Score: 1, Touché) by Anonymous Coward on Sunday August 13, @03:23AM
A high-quality <device> need be designed only once; it can be replicated thereafter at scale.
The problem is that there is no such thing as a high-quality <device>; every <device> sucks, because it is designed by people, and people suck—even if the design were great, people would gouge consumers to the point of making the <device> irrelevant.
(Score: 2) by Grishnakh on Sunday August 13, @03:27AM (2 children)
This whole "pay for it" thing is BS. Just look at "enterprise software": it costs an absolute fortune, yet it's all complete and utter crap. Paying a lot for something doesn't mean you're going to get a better-designed product, just (maybe, if the contract says so) that you'll be able to get a hold of someone faster. Then that person will tell you "oh sorry! We'll have a fix for you in a week or so!" Or you can have a contract that guarantees a certain performance, and then when they fail (and they will), you'll have to hash it out in court with them.
Bottom line: don't outsource your building's security to a cloud service.
(Score: 2) by black6host on Sunday August 13, @03:36AM (1 child)
I agree with what you are saying. I just found it unreasonable that people who bought a sub $500 lock that was connected to the internet would think it wouldn't fail :)
(Score: 2) by kaszz on Sunday August 13, @04:03AM
It's not the money that is the failure point here. It's the internet connected + lack of due diligence. If you didn't check the code, then it shall be assumed to be faulty for something as critical as this.
As for code quality it seems the open source model beats the commercial development model. Except for code done using formal verification like NASA space shuttle and L4-microkernel. This firmware was likely developed in the lock-opens, lock-closes and the GUI looks splashy.. SHIP!
(I wonder if SpaceX does the formal verification thing..)
(Score: 2) by kaszz on Sunday August 13, @03:46AM
The assumption is wrong. The lock already worked fine but the manufacturer did not check their update properly before committing it. So they should just refrain from even attempting to push them out. I recall a TLD that fucked up a whole country domain for hours.. "doh". So even services that should be conscientious aren't.
Lesson: Don't rely on others for your security.
So all this clue(wire)less stuff, binary blob, cloud, H-1B coded security, microsoft etc. = Junk.
(Score: 2) by Grishnakh on Sunday August 13, @03:24AM
Let this be a lesson on trusting your physical security to the cloud.