Security experts reveal weakness in WiFi connected LIFX light bulbs

Jul 09, 2014 by Bob Yirka

Experts at Context Security have announced that they found a security issue with LIFX smart-light bulbs. In hacking the firmware they found they were able to intercept messages sent across the mesh network, giving them access to WiFi passwords. After notification by Context, LIFX posted a notice to its web site acknowledging the security flaw and announcing that a security fix had been created and made available as part of a firmware update for their smart bulbs.

The report from Context highlights a growing concern—devices that are part of the movement towards "The Internet of Things," where common devices such as refrigerators and lights are connected to the Internet allowing for remote control from phones, tablets or computers, may not be as secure as phones or computers. Hackers purchasing such products and finding weaknesses in their firmware may be able to use what they learn to hack their way into private WiFi networks, and from there, to user device data. There is also the issue of user involvement—it's doubtful that most people will go to the trouble of keeping up to date on firmware upgrades for devices in their homes that they rarely even think about.

The LIFX smart-bulb made news two years ago as a Kickstarter project—its developers collected over thirteen times the $100,000 they were looking for. The now established company competes with other smart-bulb products such as Philips Hue lights and GE's Link bulb.

Context experts purchased several of the LIFX smart-bulbs (LED bulbs connected to a WiFi enabled circuit board). They found that when the bulbs "talked" to each other across a (6LoWPAN powered) mesh network, the messages contained a username and password. Because the underlying pre-shared key was never changed, all the white-hat guys had to do to gain access was set up a similar circuit board simulating one of the smart bulbs asking to join the network. That allowed them to steal credentials and eventually gain control of all the lights on the network. They report that a potential hacker could have gained access in private homes or businesses if they could have gotten as close as 30 meters to the bulbs. They note also that such a hack would have gone undetected by the owner of the network.


User comments : 1

Jul 09, 2014
It's bad enough that, when my broadband supplier routinely 'churns' the cable modem, my LAN & WiFi glitch until the re-boot is complete, but my WiFi security cameras lapse into 'secure' mode and return to zero/zero position until woken...

This 'network of things' had better include sensible defaults, or they're not going to thrive.

Uh, any-one remember a short scifi tale where, IIRC, the debt-stricken son hacked his elderly parents' 'smart' aircon, causing their clue-less demise ??
