Smart deadbolt maker accidentally locks out its customers

After a firmware update backfired, hundreds of LockState customers were left unable to use their connected locks and forced to wait at least a week for a fix.

Ry Crist Senior Editor / Reviews - Labs
Originally hailing from Troy, Ohio, Ry Crist is a writer, a text-based adventure connoisseur, a lover of terrible movies and an enthusiastic yet mediocre cook. A CNET editor since 2013, Ry's beats include smart home tech, lighting, appliances, broadband and home networking.
Expertise Smart home technology | Wireless connectivity Credentials
  • 10 years product testing experience with the CNET Home team
Ry Crist
2 min read

Thinking of sticking a smart lock on your front door to help automate access into your home? A few hundred customers of a company called LockState might encourage you to think differently.

Those customers -- roughly 500 in total -- recently came home to discover that a botched firmware update had rendered their model LS-6i connected lever locks inoperable. 

"After a software update was sent to your lock, it failed to reconnect to our web service making a remote fix impossible," LockState CEO Nolan Mondrow said in an email to customers.

The incident spotlights concerns over the security -- and reliability -- of the so-called internet of things and the skyrocketing number of app-enabled gadgets and gizmos vying for a place in our homes. With more and more of the devices we use every day becoming dependent on the cloud to function, the pressure is on manufacturers to ensure safe, smooth operations users can count on. That's no easy task given variables such as internet speeds, competing smart home platforms and the variety of different smart phones and other devices people use to control everything.

Mondrow went on to offer the affected customers one of two solutions. They can tear the lock out and mail it to LockState HQ to be fixed and returned within a week, or they can wait two weeks for LockState to ship them a replacement lock. Either way, they're breaking out the screwdriver and ripping the lock out of their door. That might be somewhat cathartic at this point, but waiting a week or more without a lock on your door is obviously a big problem.

To make matters worse, LockState is a member of Airbnb Host Assist, a collection of partners for the home-sharing service aimed at helping people rent out their living spaces. Sure enough, Threatpost reports about 200 of those affected customers are Airbnb hosts, some of whom may have had to alter or cancel reservations during peak vacation season.

LockState's locks include keyed entry, so affected customers are still able to get in the old fashioned way. That's a small consolation given that customers spent hundreds of dollars on these locks with the convenience of their connected features in mind, but it's still better than being unable to get in at all.

In addition to fixing and replacing the busted deadbolts, LockState is offering affected customers a year of free access to the LockState Connect Portal, the cloud-based subscription service that's supposed to keep these smart locks operational.

"We hope that you will give us a chance to regain your trust," Mondrow said.

Editor's note: The affected LockState products are lever locks, not deadbolts, as the article originally stated. The text has been updated accordingly.