There are many reasons not to buy a smart lock, but high on the list is the risk of getting remotely locked out of your crap. For hundreds of customers using Lockstate's smart locks, that potentiality became a reality last week — with some Airbnb users getting screwed the hardest.
GIF Source: Lockstate
Keys have been around for hundreds, if not, thousands of years. We've all used them. We generally understand how they work and how vulnerable they can be. Some are better than others. And now that the simplest of devices in the home are connecting to the cloud, it's time to figure out just how safe or smart these new-fangled smart locks really are.
Lockstate CEO Nolan Mondrow wrote a letter to customers who were affected by the screw up on August 8. He explained that "a software update was sent to your [6000i] lock, it failed to reconnect to our web service making a remote fix impossible". The automatic update that was pushed out over the Wi-Fi-connected locks bricked about eight per cent of the devices it was sent to according to Mondrow.
When your smart lock is busted, it isn't just a matter of calling the locksmith and stopping by Bunnings to pick up a new one. Lockstate offered a replacement by mail for customers who sent in the back portion of the lock for reformatting within five to seven days. Customers who wanted a replacement without sending their own lock first face a 14-18 day wait time. The company told Threatpost that about 500 customers lost their locks and a free year of access to its portal service was being offered as a mea culpa.
For individual customers, this may not have been a huge issue — both keyed and keypad entry are available on the smart locks. But for businesses, this was likely a huge pain in the arse. Airbnb recommends the smart lock as part of its Host Assist program. A property owner can rent out their space and just give the code to a renter from wherever they happen to be. The bricked locks apparently left some renters angry:
— Juniper (@JuniperWyoming) August 7, 2017
LockState told Threatpost that "200 Airbnb customers were impacted". Gizmodo contacted Airbnb for comment and a spokesperson claimed that the company doesn't have a tally of how many total hosts had issues, but "less than five" had contacted them about it. Airbnb confirmed the number of hosts using the lock as being around 200 people and said, "this issue has been 100-per cent resolved."
If reactions on Twitter are any indication, it would seem that the figure might be an exaggeration. An Airbnb host named Ruffin Provost told TechCrunch that he found the company's response to be lacking:
The company initially told me they had no extra locks to send me for a replacement and I'd have to wait up to 20 days. After word started getting around late Friday about all this, the marketing director left me a message that they had now gotten some extra locks somehow. But I had already sent back parts of both my locks.
Provost says he'll now have to sell his two new locks after receiving his fixed locks. He asked why the company hadn't been more proactive getting out detailed information for replacements, and he says that someone from Lockstate told him, "Sometimes the best way is to reach out to them in mass through a vehicle like Twitter. But I've got to sell new locks as well."
Right, advertising that your smart locks get bricked by software updates really isn't the most enticing selling point. Just remember, it could always be worse. The software update could've just left everyone's house unlocked for god knows how long before they noticed.