IT security researchers have discovered that LIFX light bulbs have security weaknesses.
LIFX bulbs are WiFi-enabled, multi-coloured, energy-efficient LED light bulbs that can be controlled from a smartphone. The smart LIFX bulbs, which sell for $129 for a single bulb, were created by Australian entrepreneurs living in Silicon Valley.
But researchers at Context Information Security discovered that the smart LIFX bulbs are exposing their users’ home WiFi passwords.
With WiFi access, hackers could potentially access personal files on computers, use the internet connection to download large files, print documents on any connected printers and, most annoyingly, change the colour of the LIFX bulbs and turn them on and off.
After determining how the bulbs spoke to each other, Context researchers investigated how they shared home WiFi network credentials. They found that encryption was being used and, after pulling the bulbs apart, discovered that they could reverse-engineer it.
In their findings published online, the researchers said that they were able to “capture the WiFi details and decrypt the credentials, all without any proper authentication or alerting of our presence”.
It was also noted that the hacker would need to be within 30 metres of a vulnerable LIFX bulb to perform the attack – an observation that severely limits the practicality of exploitation on a large scale.
LIFX said in a blog post addressing the vulnerability that, as far as it is aware, no LIFX users have been affected, and recommended that all users stay up to date with the latest firmware and app updates. – Jessica Heckley
Top photo from Irish Typepads’ Flickr photostream