Slashdot Mirror


Hundreds Of Smart Locks Get Bricked By A Buggy Firmware Update (bleepingcomputer.com)

An anonymous reader quotes BleepingComputer: On Tuesday, August 8, smart locks manufacturer LockState botched an over-the-air firmware update for its WiFi enabled [RemoteLock 6i] smart locks, causing the devices to lose connectivity to the vendor's servers and the ability to open doors for its users... The device costs $469 and is sold mainly to Airbnb hosts via an official partnership LockState has signed with the company. Hosts use the smart locks to configure custom access codes for each Airbnb renter without needing to give out a physical key to each one. The botched firmware bricked the device's smart code access mode. Physical keys continued to work. The botched firmware was a nuisance for private home owners, but it was a disaster for Airbnb hosts, who had to scramble to get customers physical keys so they could enter their rents.
The post includes tweets from angry lock owners, one complaining about a two-week wait for a replacement. The company is also offering to fix the defective units within "5-7 days," promising that "Every employee and resource at LockState is focused on resolving this for you as quickly as possible."


  1. Inside Job... by js290 · · Score: 5, Insightful

    Yet another data point demonstrating outages are better caused by admins than by hackers.

    --
    "Tempers are wearing thin. Let's just hope some robot doesn't kill everybody." --Bender
  2. Cloud equivalent by CaptainOfSpray · · Score: 5, Interesting

    Yet another data point to underpin the motto "Never allow any data or access or service that you value to be controlled by Somebody Else's Computer"

    --
    "Cock Up Your Beaver" does not mean what you think. This sig is intended to clog filters and annoy do-gooders
    1. Re:Cloud equivalent by Kergan · · Score: 3, Interesting

      However big a QA screwup this is, at least give this company credit for actually trying to upgrade their firmware.

    2. Re:Cloud equivalent by arth1 · · Score: 4, Insightful

      However big a QA screwup this is, at least give this company credit for actually trying to upgrade their firmware.

      Um, no. Allowing a firmware change mechanism is the flaw here, and should not be commended.
      The time to harden a lock isn't after it's sold.

    3. Re:Cloud equivalent by Hylandr · · Score: 2

      Can't wait for car manufacturers to start updating firmware / car computers over night or while I am at the store and bricking my car.

      --
      ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
    4. Re:Cloud equivalent by Calydor · · Score: 2

      A hammer and chisel, crowbar etc. will always be a vulnerability.

      Remember, no lock is stronger than the door in which it sits.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    5. Re:Cloud equivalent by AmiMoJo · · Score: 5, Insightful

      Their mistake was trying to build an impossible product: an internet connected, secure lock that people can rely on.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:Cloud equivalent by ctilsie242 · · Score: 5, Insightful

      A lock is a relatively simple device, where the states are obviously known. Devices like this should ship and not need firmware upgrades from the factory. There are many embedded subsystems that cannot or will not be upgraded, so the people who made them did it right the first time, and didn't follow the philosophy of "it builds, ship it."

      A lock isn't rocket science. It also is the last thing you need fetching OTA updates. Instead, updates should be delivered via some physical means, if only to ensure someone is on site to test and verify functionality.

      Making sure a device doesn't brick itself is not impossible. I have an older Nook tablet that, if it doesn't boot after eight times, it automatically reloads itself from its original firmware, just so the device is usable in some degree. With a deadbolt, you might want a more secure way of failing, so having multiple areas where ROMs are stored, so if it fails to boot, it goes back to a previous ROM. That way, it might grab some bad code and brick a few times, but once the failed update is off the servers, it would fetch a correct one and be fine.

      Lesson learned from this... find a lock maker that treats their offerings as a security item, and not some throwaway IoT device.

    7. Re:Cloud equivalent by Darinbob · · Score: 2

      Yup, the lock is owned by the customers, the customers should be told that there's an upgrade and then they apply it themselves.

      Also, there must always be a rollback mechanism, or a reset to factory settings.

    8. Re:Cloud equivalent by pixelpusher220 · · Score: 2

      The issue here isn't security...it wasn't compromised by attackers. The issue is redundancy in firmware upgrades and no ability to roll back. I get that it's likely massively expensive but remotely upgrading something that can go wrong requires proven backup measures for when things do go wrong.

      --
      People in cars cause accidents....accidents in cars cause people :-D
    9. Re:Cloud equivalent by tlhIngan · · Score: 2

      Um, no. Allowing a firmware change mechanism is the flaw here, and should not be commended.
      The time to harden a lock isn't after it's sold.

      So tell me what internet-connected device, accessible from the internet, will be secure always?

      The reason this lock is there is because it can be accessed over the Internet. Presumably, the instant AirBnB, the owner and the customer agree, the lock will be auto-provisioned with a new access code, and the code activated for the duration of the stay. Once the stay is over, the code auto-deactivates and thus the visitors cannot re-enter the dwelling after their stay is over.

      Sure, you can do it old school and hand out keys, but those get annoying (and you can never be sure they haven't been duplicated). It's why most hotels use electronic door locks - when a guest checks in, the key cards are provisioned which also provisions the lock on their room. If you lose the card, they give out new cards and remove the old cards from the lock.

    10. Re:Cloud equivalent by thegarbz · · Score: 2

      You're assuming security is black and white. Most locks aren't very secure and can easily be bypassed with a few seconds of lock picking. The goal is not to make something secure, but rather to make something secure enough.

      In a case where you need to hand over keys to strangers, an internet connection is by far not the biggest problem in the scenario.

      Now would I want an internet connected remotely unlockable safe for all my wealth? No.

  3. Software Engineers for the Win! by Anonymous Coward · · Score: 5, Insightful

    Way to Go Software "Engineers". I can't wait for the self driving cars to roll out.

    We are sorry that your self driving car veered off the road and killed all its passengers. We have isolated the bug to the periphery scanning routine. Please accept 1 Mo of free self-driving car time, or 1 Mo of free Uber/Lyft service, and this complimentary condolence ham. Remember, our liability is limited to the price of the software, please accept this 1499.99 as full compensation for the death of your relatives.

    Your insurance is fully liable for the remaining costs, re: the 4 pedestrians that were killed. Our liability ends here, have a great day!

    1. Re:Software Engineers for the Win! by Megane · · Score: 5, Funny

      Way to Go Software "Engineers".

      But they were the finest Millennials that stock options could buy!

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    2. Re:Software Engineers for the Win! by CanadianMacFan · · Score: 2

      Why does it have to be self driving cars? There is at least one car company, Tesla, doing over the air software updates now and it has the possibility to brick your car any time. When you "buy" your car you agree for these to happen without your knowledge.

      Imagine the damage done to Tesla if they did an over the air update that did brick their cars. In a way I would like to see it, not because I hate Tesla, but it would bring attention to the masses. A door lock isn't going to do it. And it would be better for this to happen early on and hopefully allow us to gain some control back before the self driving cars arrive. Let me delay the updates for a day because I have an important meeting tomorrow. Most people have lost control of when their computer updates.

  4. QA testing.... by Minupla · · Score: 5, Insightful

    I've seen it increasingly over the last few years, shortcuts on testing in order to get an update/new product out the door. This is short sighted. In a year, no one is going to remember it took you a week longer to get it out the door. People WILL remember if you brick all your devices.

    --
    On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
    1. Re:QA testing.... by Maximum+Prophet · · Score: 4, Informative

      If you are late delivering the product, you *will* be fired. If you send the product prematurely, you *might* brick the device, and have to stay up late fixing it. You decide.

      --
      All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
    2. Re:QA testing.... by Minupla · · Score: 4, Interesting

      In most companies I've worked in, *you* don't decide. You raise the risk to your risk management team, who breaks the bad news to the people who get paid to make the 'hot seat' decisions.

      So failure analysis suggests one of the following happened, all of which fall under the "QA" side of the business processes:

      1) QA was not thorough enough to detect that this firmware update would have enough of a worse failure rate to raise business risks to an unacceptable level.
      2) Risk management wasn't doing their job
      or
      3) Management made a poor business call on letting this go out, and didn't plan for the risk coming to pass (e.g. with pre-staged replacement devices, prepared messaging, etc)

      --
      On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
  5. THE BRICK! by Templer421 · · Score: 3, Insightful

    Is the backup unlocking device.

  6. Re:It's nice to have a Plan B by arth1 · · Score: 2

    but if LockState is telling the truth, they're putting everything they have into fixing the problem

    Nothing less should be expected, but that does not in any way diminish what happened. It is also likely not out of a desire to do what's right, but to reduce the number of lawsuits.

  7. Re:Young developer problems by arth1 · · Score: 2, Insightful

    This is exactly the type of shit that happens when you have millennial dipshits writing your code. Experience matters, a lot. Something the borderline millennial dipshits that run these companies don't understand.

    No. Some code should not be written.
    Find a different way.

  8. Quote from LockState employee: by Kaenneth · · Score: 3, Funny

    "Oh fuck, oh fuck, we're fucking fucked!"

    1. Re:Quote from LockState employee: by Tablizer · · Score: 2

      More like, "Oh shit! Now only Microsoft will hire me."

  9. Wait, wait, wait... WHAT? by Opportunist · · Score: 4, Informative

    Can I hear that again?

    [...]causing the devices to lose connectivity to the vendor's servers[...]

    So, lemme get this straight: These things, that lock my home doors, have a connection to their vendor, reacting to this vendor's command to unlock or lock my home. Did I get that right?

    What sane person would WANT that in the first place???

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Wait, wait, wait... WHAT? by Carewolf · · Score: 2, Insightful

      Can I hear that again?

      [...]causing the devices to lose connectivity to the vendor's servers[...]

      So, lemme get this straight: These things, that lock my home doors, have a connection to their vendor, reacting to this vendor's command to unlock or lock my home. Did I get that right?

      What sane person would WANT that in the first place???

      Apparently people running illegal hotel services, and need a hotel key system for their "non-hotel" on airbnb.

    2. Re:Wait, wait, wait... WHAT? by goose-incarnated · · Score: 2

      procrastination), but happy wife = happy life.

      My observation is that all the men who say that are exceptionally unhappy.

      --
      I'm a minority race. Save your vitriol for white people.
    3. Re:Wait, wait, wait... WHAT? by thegarbz · · Score: 3, Informative

      What sane person would WANT that in the first place???

      You think the only application for locks is one where you are in complete control. That isn't remotely true. Who would want this? Anyone whose main course of business relies on handing a stranger a key. The ability to control temporary locks digitally is far more secure than a fixed easily copyable mechanism that can't be easily changed and is given to random strangers.

      Based on airbnb's stats alone I see 50 million applications.

  10. two copies by sjames · · Score: 2

    And the real lesson is that if you're going to do firmware updates like that, you need to ALSO have a backup in ROM that is at least good enough to get connected and re-flash the primary firmware, and a mechanism to boot into it.

    Other useful precautions include only doing upgrades when explicitly permitted (so, not just before the owner takes his dream vacation when a screw up would ruin his week). Perhaps best of all, get it right the first time or at least try hard enough that you feel comfortable making updates a very rare manually initiated end-user procedure.

    Does anyone even know what the update was supposed to actually fix? It seems the users weren't complaining before the update went out.

  11. Re:It's nice to have a Plan B by Darinbob · · Score: 2

    Fundamental problems exist though, and they have fixes. First, allow the device to rollback to previous firmware, or allow a reset to original firmware/configuration. That's almost mandatory for serious companies selling to serious customers, but it's often treated as unnecessary by silly companies selling to the consumer market.

    Second, put the customer in charge of when upgrades happen. The device belongs to the customer unless you're merely leasing it. Again, this is mandatory for serious companies selling to serious customers (and sadly, Microsoft isn't in this category anymore)

    Finally, always test any change, no matter how innocuous, do not ever believe the developers when they say the last minute change is safe. If you're the CEO of a company you do not want to put your company's fate into the hands of an underpaid and overworked low level manager or developer. Sadly, serious companies for serious customers screw this up all the time, but they can recover from the disaster because of the first two guidelines.
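
Several comments above (the eight-failed-boots fallback, the backup image in ROM, "always a rollback mechanism") describe the same bootloader pattern: boot a new image on trial and return to a known-good one if it never confirms itself. The sketch below is an added example, not code from the thread or from LockState; the slot names, the `boot_state` record and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_BOOT_ATTEMPTS 8  /* figure from the Nook comment: give up after eight boots */
enum slot { SLOT_A, SLOT_B, SLOT_RECOVERY };  /* SLOT_RECOVERY: read-only factory image */

struct boot_state {      /* hypothetical record kept in persistent storage */
    enum slot active;    /* image the bootloader will try next */
    enum slot previous;  /* last image that passed its health check */
    unsigned attempts;   /* boots of `active` since it was staged */
    bool confirmed;      /* set only by confirm_boot(), never by the bootloader */
};

/* Updater: a new image was written to new_slot; boot it on trial. */
void stage_update(struct boot_state *s, enum slot new_slot) {
    if (s->confirmed) s->previous = s->active;  /* only a proven image is a rollback target */
    s->active = new_slot;
    s->attempts = 0;
    s->confirmed = false;
}

/* Bootloader, every reset: pick the image; roll back a trial that never confirms. */
enum slot select_slot(struct boot_state *s) {
    if (s->confirmed) return s->active;
    if (s->attempts < MAX_BOOT_ATTEMPTS) { s->attempts++; return s->active; }
    s->active = s->previous;   /* counted before the jump, so a hung image still runs out */
    s->attempts = 0;
    s->confirmed = true;
    return s->active;
}

/* Application: call only after the health check (keypad works, server reachable). */
void confirm_boot(struct boot_state *s) { s->confirmed = true; s->attempts = 0; }

/* Constructed simulation: reset until an image is confirmed; returns that image. */
enum slot boot_until_stable(struct boot_state *s, bool (*healthy)(enum slot)) {
    for (;;) {
        enum slot cur = select_slot(s);
        if (s->confirmed) return cur;                  /* proven, or just rolled back */
        if (healthy(cur)) { confirm_boot(s); return cur; }
    }
}
static bool only_a_works(enum slot x) { return x == SLOT_A; }  /* constructed: B is the bad update */

int main(void) {
    struct boot_state s = { SLOT_A, SLOT_RECOVERY, 0, true };
    stage_update(&s, SLOT_B);
    printf("stable on slot %d\n", boot_until_stable(&s, only_a_works));
    return 0;
}
```

The health check is where an update like the one in the story would be caught: if the new image cannot reach the server or accept codes, it never calls `confirm_boot()` and the counter runs out.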