AirBnB's partner LockState faces critical problems with the Lock Model LS6i after running a firmware update over the air. After the the update some of the locks rendered useless, bricked. The Manufacturer already informed the affected customers per email and offer them an replacement or repair service.

When good functions go bad

A WiFi connected door lock from LockState which is often used and also recommended to be used by AirBnB rendered useless, bricked, after a firmware update was installed on the device. The Manufacturer already informed the affected customers per email and offer them the following options

Option 1 The back portion of the lock will need to be returned to LockState so that the software on the lock can be updated. Total time to fix and return: 5-7 days Option 2 LockState can ship a replacement interior lock for you to replace. You can then send the faulty lock back to Lockstate. Total lead time: 14 - 18 days.

The original wording regardin Nolan Mondrow, the CEO of Lockstate, is:

"Dear Lockstate Customer, We notified you earlier today of a potential issue with your LS6i lock. We are sorry to inform you about some unfortunate news. Your lock is among a small subset of locks that had a fatal error rendering it inoperable. After a software update was sent to your lock, it failed to reconnect to our web service making a remote fix impossible. In order to fix your lock, there are two options:"

You can read the origin statement on LocksStates Webpage

My opinion

Firmware update over the air (FOTA) is an important function of IoT devices. Dependant on the target functionality of the device itself, FOTA is often also the most complex part of the device's functionality.

I've already written an article describing pro's and con's and different options to run FOTA which you can read What is behind FOTA. My opinion:

The good points are

  • LS6i allows FOTA
  • No Security problem mentioned
  • Quick Reaction on the problems
  • The doors can be open with a normal key, no locked people

The bad topics

  • Software Engineers are also people and make errors
  • The number of affected customers is high enough for bad publicity

Possible Lessons learned

  • Test, Test, Test and Test. The problems sound not like it appears very rare, therefore there was a test missing somewhere

Source

Next Post Previous Post