back to article Firmware update blunder bricks hundreds of home 'smart' locks

Hardware biz Lockstate has managed to brick hundreds of internet-connected so-called smart locks on people's front doors with a bad firmware update. The upshot is you can't use the builtin keypad on the devices to unlock the door. Lockstate's smart locks are popular among Airbnb hosts as it allows them to give guests an entry …

Silver badge
Thumb Up

Back in the early days of the internet ...

a lot of marketeers idea for the corporate website was a page with a phone number ...

What was it Henry Ford said ?

If I had asked my customers what they wanted, they would have said "faster horses"

0
0
Bronze badge
WTF?

Hm,

Having seen how easy it is to pick a lock, there is hardly a problem.

3
0
Silver badge

IoT stupidity

Why would any sane person have an Electronic lock that's connected to the Internet 24x7?

Apart from this fiasco, it makes the lock vulnerable to hacking.

Better that users are emailed with updates and that locks are updated by USB stick, with socket under a plate locked by key on inside of door.

This design is inherently insecure. It's not like a TV setbox where a botched OTA upgrade is only inconvenient.

Yet cars and other things have this stupid design concept.

8
0
Facepalm

So, IoT Security Can't Catch A Break

This past year, one of the thoroughly justified rants about a lot of IoT devices has been that their firmware can't be automatically updated, Even HP printers have been implicated in this blunder. Users have to go and fetch firmware updates themselves, if they're available, if the device will even accept an update.

But here we are with a laudable IoT device that is, thank you, automatically updated.

Except the update is deadly.

Little baby steps. IoT is juvenile technology. We're still stuck in The Dark Age of Computing.

1
0
Silver badge

Re: Juvenile Technology

Nope. It's juvenile developers.

2
0
Anonymous Coward

Re: Juvenile Technology

"It's juvenile developers."

With greatest respect, that's bollocks.

It's incompetent, ignorant, and naive management AS WELL as juvenile developers.

The juvenile developers should have known that it was sensible, maybe even essential, to be able to identify that any firmware update was fit for use on the device it was being applied to. Maybe that wasn't in the spec, maybe they said it would cost $$$ to implement and thus it got rejected, maybe something else.

The incompetent, ignorant, and naive management should have realised that any update needs to be tested on a realistic sample of the market before being forced onto the whole userbase. If that can't be done, the process design is as broken as the company management.

3
1
Anonymous Coward

Re: Juvenile Technology

I bet they were using Agile. Just remember burglars are more agile than developers.

1
0
Silver badge

Re: Juvenile Technology

"Just remember burglars are more agile than developers."

Not always. A few have got stuck in the windows they were trying to climb through (splendid recent example http://www.independent.co.uk/news/uk/home-news/burglar-jailed-after-getting-stuck-in-bathroom-window-a7562221.html ) and a few have fallen through roofs or roof-lights.

1
0
Anonymous Coward

A short step

From IoT to IdioT.

0
1
Silver badge

One simple job

A physical key, plus one or more numeric codes with some method allowing them to be assigned and expired. Why does this thing even need firmware updates?

Oh yes, maybe it is because the WiFi module is vulnerable because "being connected" is so much more important than "being secure"...

2
0
Anonymous Coward

Re: "being connected" is so much more important than "being secure"...

"Being fashionable" (for supplier and customer) is so much more important than "being fit for purpose". Even after media coverage like this.

Dumb people buy smart gear (exceptions apply).

FTFY, etc.

2
0
Silver badge

And this is one of the reasons you have to have n+1 devices, the last device is used to test any updates before rolling the update(s) out to the rest of the tat bazaar.

1
0

Remote security risks?

So the lock owner is reliant on the lock producer having a secure enough server, thats up to the snuff of preventing a rogue compromised update that allows ner do wells access to propertys protected by said locks.

2
1
Anonymous Coward

Consequential loss (more UK perspective)

it will be interesting when cases like this start hitting the news - and courts - on a regular basis. Certainly from a UK perspective where the concept of consequential loss is *very* narrow.

I wonder how many AirBnB "businesses" (quotes *not* ironic) will be able to recover their lost "profits" ????

1
1

Just use a magnet, I am told by a locksmith friend that that is all you need to open these locks.

1
1

That's a good point I hadn't thought of.

Whats to stop you forcefully wiping someone's lock, if not to get in then to lock them out? If you wanted to be a jerk.

1
1
Bronze badge

Just use a magnet

It's all you need to fire an ID-locked gun...

0
0

They're probably hardened against that, being $800 locks.

It's like being able to open padlocks with bits of beercan or pick locks in about 10 seconds flat (I've seen an electric lockpick in action.. 10 seconds is an outlier - it's probably quicker than using the key..). A *lot* of locks are just security theatre, but most burglars don't know that, and of those that do, they'll go after the easy ones rather than the hard ones, so all you have to do is make sure you don't get your lock from the bargain bin like your neighbour did and you're probably safe

0
0

Okay, I understand when in the smart house system there are video cameras, light and smoke sensors, opening the gate system. But smart lock on the front door? I do not know about you, but I can not trust such device. I'm not saying that it's much safer to lock on a key, thieves do not usually stop it, but I somehow can not bring myself to believe that a smart lock is safer than a regular lock. Although the idea itself is quite interesting, I recently came across an interesting video where the guys themselves assembled such a smart lock)

0
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017