Security experts reveal weakness in WiFi connected LIFX light bulbs

Jul 09, 2014 by Bob Yirka report

Experts at Context Security have announced that they found a security issue with LIFX smart-light bulbs. In hacking the firmware they found they were able to intercept messages sent across the mesh network, giving them access to WiFi passwords. After notification by Context, LIFX posted a notice to its web site acknowledging the security flaw and announcing that a security fix had been created and made available as part of a firmware update for their smart bulbs.

The report from Context highlights a growing concern—devices that are part of the movement towards "The Internet of Things," where common devices such as refrigerators and lights are connected to the Internet allowing for remote control from phones, tablets or computers, may not be as secure as phones or computers. Hackers purchasing such products and finding in their firmware may be able to use what they learn to hack their way into private WiFi networks, and from there, user device data. There is also the issue of user involvement—it's doubtful that most people will go to the trouble of keeping up to date on firmware upgrades to fix for devices in their homes that they rarely even think about.

The LIFX smart-bulb made news two years ago as a Kickstarter project—its developers collected over thirteen times the $100,000 they were looking for. The now established company competes with other smart-bulb products such as Philips Hue lights and GE's Link bulb.

Context experts purchased several of the LIFX smart-bulbs (LED bulbs connected to a WiFi enabled circuit board). They found that when the bulbs "talked" to each other across a (6LoWPAN powered) , the messages contained a username and password. Because the underlying pre-shared key was never changed, all the white-hat guys had to do to gain access was set up a similar circuit board simulating one of the smart bulbs asking to join the network. That allowed them to steal credentials and eventually gain control of all the lights on the network. They report that a potential hacker could have gained access in private homes or businesses if they could have gotten as close as 30 meters to the bulbs. They note also that such a hack would have gone undetected by the owner of the network.

Explore further: Connected devices in smart homes have control issues

More information: blog.lifx.co/

add to favorites email to friend print save as pdf

Related Stories

Connected devices in smart homes have control issues

Apr 03, 2014

(Phys.org) —Smart homes are growing smarter. But it all depends on how you define "smart." Smart, as in connected to the Internet, or smart as in a well-planned architecture of intelligent gadgets that ...

'Smart' homes open doors to hackers

Jul 30, 2013

Smart homes that let residents control alarms, locks and more over the internet are opening doors for crooks with hacker skills, according to computer security specialists.

Review: 'Smart' LED bulbs controlled by iPhones

Mar 13, 2013

LED bulbs seem to be the future of home lighting: They save electricity, they're durable and they don't contain mercury like compact fluorescents. But having them produce white light like any old light bulb ...

Recommended for you

US won't reveal records on health website security

Aug 19, 2014

The Obama administration has concluded it will not publicly disclose federal records that could shed light on the security of the government's signature health care website because doing so could "potentially" allow hackers ...

Premier FBI cybersquad in Pittsburgh to add agents

Aug 17, 2014

The FBI's premier cybersquad has focused attention on computer-based crime in recent months by helping prosecutors charge five Chinese army intelligence officials with stealing trade secrets from major companies and by snaring ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

Nik_2213
not rated yet Jul 09, 2014
It's bad enough that, when my broadband supplier routinely 'churns' the cable modem, my LAN & WiFi glitch until the re-boot is complete, but my WiFi security cameras lapse into 'secure' mode and return to zero/zero position until woken...

This 'network of things' had better include sensible defaults, or they're not going to thrive.

Uh, any-one remember a short scifi tale where, IIRC, the debt-stricken son hacked his elderly parents' 'smart' aircon, causing their clue-less demise ??