Firmware update blunder bricks hundreds of home 'smart' locks

Hardware biz Lockstate has managed to brick hundreds of internet-connected so-called smart locks on people's front doors with a bad firmware update.

The upshot is you can't use the builtin keypad on the devices to unlock the door. Lockstate's smart locks are popular among Airbnb hosts as it allows them to give guests an entry code to get into properties without having to share physical keys. Lockstate is even a partner with Airbnb.

Earlier this week, though, new software was automatically sent out to folks' $469 Lockstate 6000i locks – one of the upstart's top residential smart locks – which left the keypad entirely useless. The crashed locks – which connect to your home Wi-Fi for remote control and monitoring as well as firmware updates – are now going to be out of action for at least a week.

"Your lock is among a small subset of locks that had a fatal error rendering it inoperable," the locksmiths said in an email sent to affected customers. "After a software update was sent to your lock, it failed to reconnect to our web service making a remote fix impossible."

Owners have two choices. They can either remove the back panel of the lock and send it in to the manufacturer so the software can be manually updated, which will take between five and seven working days. Alternatively they can ask for a replacement, which will take 14-18 days to ship, and then send back the junked lock.

Lockstate will cover all shipping costs for the locks and affected customers will also get one year of free Lockstate Connect, which is a subscription-based service that allows full remote control of all compatible smart home devices.

The physical key on the lock should still work, but that's going to be cold comfort for a lot of Airbnb users, who prefer to keep the physical keys to themselves and set an access code for each lodger that stops by.

In a statement to El Reg on Friday, Lockstate said firmware for its more advanced 7i model had mistakenly been sent to some 6000i customers. All the affected owners, understood to be at least 500 folks, have been contacted, we're told. ®