July 9, 2014 report

Security experts reveal weakness in WiFi connected LIFX light bulbs

by Bob Yirka , Tech Xplore

Security experts reveal weakness in WiFi connected LIFX light bulbs

Experts at Context Security have announced that they found a security issue with LIFX smart-light bulbs. In hacking the firmware they found they were able to intercept messages sent across the mesh network, giving them access to WiFi passwords. After notification by Context, LIFX posted a notice to its web site acknowledging the security flaw and announcing that a security fix had been created and made available as part of a firmware update for their smart bulbs.

The report from Context highlights a growing concern—devices that are part of the movement towards "The Internet of Things," where common devices such as refrigerators and lights are connected to the Internet allowing for remote control from phones, tablets or computers, may not be as secure as phones or computers. Hackers purchasing such products and finding in their firmware may be able to use what they learn to hack their way into private WiFi networks, and from there, user device data. There is also the issue of user involvement—it's doubtful that most people will go to the trouble of keeping up to date on firmware upgrades to fix for devices in their homes that they rarely even think about.

The LIFX smart-bulb made news two years ago as a Kickstarter project—its developers collected over thirteen times the $100,000 they were looking for. The now established company competes with other smart-bulb products such as Philips Hue lights and GE's Link bulb.

Context experts purchased several of the LIFX smart-bulbs (LED bulbs connected to a WiFi enabled circuit board). They found that when the bulbs "talked" to each other across a (6LoWPAN powered) , the messages contained a username and password. Because the underlying pre-shared key was never changed, all the white-hat guys had to do to gain access was set up a similar circuit board simulating one of the smart bulbs asking to join the network. That allowed them to steal credentials and eventually gain control of all the lights on the network. They report that a potential hacker could have gained access in private homes or businesses if they could have gotten as close as 30 meters to the bulbs. They note also that such a hack would have gone undetected by the owner of the network.

More information: blog.lifx.co/

© 2014 Tech Xplore

Citation: Security experts reveal weakness in WiFi connected LIFX light bulbs (2014, July 9) retrieved 18 April 2024 from https://techxplore.com/news/2014-07-experts-reveal-weakness-wifi-lifx.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Connected devices in smart homes have control issues
17 shares

Feedback to editors
Team develops a way to teach a computer to type like a human

1 hour ago
Universal 'cocktail electrolyte' developed for 4.6 V ultra-stable fast charging of commercial lithium-ion batteries

2 hours ago
Garbage could replace a quarter of petroleum-based jet fuel every year

3 hours ago
For more open and equitable public discussions on social media, try 'meronymity'

5 hours ago
Mess is best: Disordered structure of battery-like devices improves performance

5 hours ago
Meta's newest AI model beats some peers. But its amped-up AI agents are confusing Facebook users

5 hours ago
An ink for 3D-printing flexible devices without mechanical joints

5 hours ago
Floating solar's potential to support sustainable development

6 hours ago
Harvesting vibrational energy from 'colored noise'

7 hours ago
New understanding of energy losses in emerging light source

7 hours ago
Load comments (1)