LockState RemoteLock 6i

On Tuesday, August 8, smart locks manufacturer LockState botched an over-the-air firmware update for its WiFi enabled smart locks, causing the devices to lose connectivity to the vendor's servers and the ability to open doors for its users.

Only one LockState product was affected, which is the LockState RemoteLock 6i (also known as 6000i).

The device costs $469 and is sold mainly to Airbnb hosts via an official partnership LockState has signed with the company. Hosts use the smart locks to configure custom access codes for each Airbnb renter without needing to give out a physical key to each one.

Firmware update dumbs down smart locks

The botched firmware bricked the device's smart code access mode. Physical keys continued to work. The botched firmware was a nuisance for private home owners, but it was a disaster for Airbnb hosts, who had to scramble to get customers physical keys so they could enter their rents.

On Twitter, LockState said that only 500 devices were affected. The company immediately sent out a letter to all affected customers.

According to this letter, the smart locks lost the ability to connect back to LockState's servers. The full letter is available below.

LockState letter

The company is asking customers to send in their affected locks so engineers could update the device with the proper software. LockState estimates that the total time to fix and return the product will be around 5 to 7 days. Customers can also choose to have the product replaced altogether, but LockState says this will take between 14 to 18 days.

Earlier today, the company said its engineers already fixed 60% of all affected locks.

Related Articles:

Remote Code Execution Flaws Found in FreeRTOS - Popular OS for Embedded Systems

Bushido-Powered DDoS Service Whipped Up from Leaked Code