On Tuesday, August 8, smart locks manufacturer LockState botched an over-the-air firmware update for its WiFi enabled smart locks, causing the devices to lose connectivity to the vendor's servers and the ability to open doors for its users.
Only one LockState product was affected, which is the LockState RemoteLock 6i (also known as 6000i).
The device costs $469 and is sold mainly to Airbnb hosts via an official partnership LockState has signed with the company. Hosts use the smart locks to configure custom access codes for each Airbnb renter without needing to give out a physical key to each one.
The botched firmware bricked the device's smart code access mode. Physical keys continued to work. The botched firmware was a nuisance for private home owners, but it was a disaster for Airbnb hosts, who had to scramble to get customers physical keys so they could enter their rents.
@lockstate Your firmware update bricked at least 500 locks. Very costly. Replacement in 14-18 days? Email response over 12 hours? Not OK.— Coffee Review (@coffeereview) August 8, 2017
Lockstate smart locks - may have been bricked by update https://t.co/YQ8KhY0b7I— Charles R. Smith (@softwarnet) August 11, 2017
Apparently remotelock/lockistate bricked thousands of locks in the last 48 hours with a firmware upgrade. Any proof of this? #internetofshit— John Adams (@netik) August 11, 2017
@jongaze - Saw your YouTube video about Lockstate failure. Company has admitted they killed many 6i locks, "working" on a fix. Infuriating!— 1word Retweets (@1WordRetweets) August 7, 2017
Our lock suddenly stopped working. How did you determine this? Any news about it anywhere?— Garrett Kelly (@boontdustie) August 8, 2017
According to this letter, the smart locks lost the ability to connect back to LockState's servers. The full letter is available below.
The company is asking customers to send in their affected locks so engineers could update the device with the proper software. LockState estimates that the total time to fix and return the product will be around 5 to 7 days. Customers can also choose to have the product replaced altogether, but LockState says this will take between 14 to 18 days.
Earlier today, the company said its engineers already fixed 60% of all affected locks.