Security experts reveal weakness in WiFi connected LIFX light bulbs

July 9, 2014 by Bob Yirka report

Experts at Context Security have announced that they found a security issue with LIFX smart-light bulbs. In hacking the firmware they found they were able to intercept messages sent across the mesh network, giving them access to WiFi passwords. After notification by Context, LIFX posted a notice to its web site acknowledging the security flaw and announcing that a security fix had been created and made available as part of a firmware update for their smart bulbs.

The report from Context highlights a growing concern—devices that are part of the movement towards "The Internet of Things," where common devices such as refrigerators and lights are connected to the Internet allowing for remote control from phones, tablets or computers, may not be as secure as phones or computers. Hackers purchasing such products and finding in their firmware may be able to use what they learn to hack their way into private WiFi networks, and from there, user device data. There is also the issue of user involvement—it's doubtful that most people will go to the trouble of keeping up to date on firmware upgrades to fix for devices in their homes that they rarely even think about.

The LIFX smart-bulb made news two years ago as a Kickstarter project—its developers collected over thirteen times the $100,000 they were looking for. The now established company competes with other smart-bulb products such as Philips Hue lights and GE's Link bulb.

Context experts purchased several of the LIFX smart-bulbs (LED bulbs connected to a WiFi enabled circuit board). They found that when the bulbs "talked" to each other across a (6LoWPAN powered) , the messages contained a username and password. Because the underlying pre-shared key was never changed, all the white-hat guys had to do to gain access was set up a similar circuit board simulating one of the smart bulbs asking to join the network. That allowed them to steal credentials and eventually gain control of all the lights on the network. They report that a potential hacker could have gained access in private homes or businesses if they could have gotten as close as 30 meters to the bulbs. They note also that such a hack would have gone undetected by the owner of the network.

Explore further: Kickstarter project team claims its LED bulb world's most efficient

More information:

Related Stories

Review: 'Smart' LED bulbs controlled by iPhones

March 13, 2013

LED bulbs seem to be the future of home lighting: They save electricity, they're durable and they don't contain mercury like compact fluorescents. But having them produce white light like any old light bulb is like using ...

'Smart' homes open doors to hackers

July 30, 2013

Smart homes that let residents control alarms, locks and more over the internet are opening doors for crooks with hacker skills, according to computer security specialists.

Scientists demonstrate first contagious airborne WiFi virus

February 25, 2014

Researchers at the University of Liverpool have shown for the first time that WiFi networks can be infected with a virus that can move through densely populated areas as efficiently as the common cold spreads between humans.

Connected devices in smart homes have control issues

April 3, 2014

( —Smart homes are growing smarter. But it all depends on how you define "smart." Smart, as in connected to the Internet, or smart as in a well-planned architecture of intelligent gadgets that can be managed optimally? ...

Recommended for you

Dutch create world's largest man-made wave

October 5, 2015

In a country where most people live below sea level, studying the oceans is a matter of survival. Now Dutch scientists have created the world's biggest man-made wave in a bid to prepare for the worst.

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Jul 09, 2014
It's bad enough that, when my broadband supplier routinely 'churns' the cable modem, my LAN & WiFi glitch until the re-boot is complete, but my WiFi security cameras lapse into 'secure' mode and return to zero/zero position until woken...

This 'network of things' had better include sensible defaults, or they're not going to thrive.

Uh, any-one remember a short scifi tale where, IIRC, the debt-stricken son hacked his elderly parents' 'smart' aircon, causing their clue-less demise ??

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.