Smart Lightbulb Hack Lets Others Steal Your Wi-Fi Password

Soon after news of a smart TV hack prompted a closer look into the Internet of Everything, Internet-enabled LED lightbulbs made by the crowdfunded startup LIFX have been found to be at risk of revealing Wi-Fi passwords.

The “multi-color, energy-efficient LED light bulb” broadcasts the Wi-Fi password along a standard 6LoWPAN mesh network, a standard that works best for low-power wireless devices like bulbs.

White hat hackers found a flaw that allowed them to access the master light bulb and those connected to it. They were then able to request the WiFi details in the mesh network without alerting the home owners. Using this method, hackers can steal an encrypted copy of the password as long as they’re within 30 meters of one of the light bulbs.

It takes a certain degree of technical know-how to decrypt the stolen Wi-Fi password after this, though researchers were able to do so. LIFX has fixed the flaw that allowed the hackers to obtain the passwords. In a blog post, LIFX confirms that they have already updated the bulb’s firmware:

“This issue has been resolved and the firmware updater can be downloaded here.”

“In rare circumstances the security issue could expose network configuration details on the mesh radio, requiring a person to dismantle a bulb, reverse engineer the debug connection and firmware, then be physically present with dedicated hardware within the bounds of your WiFi network (not from the internet). Eg. Someone hiding in your garden with complex technical equipment.

No LIFX users have been affected that we are aware of, and as always we recommend that all users stay up to date with the latest firmware and app updates.”

LIFX Security Update, June 29, 2014

However, this and other proof-of-concept attacks on smart devices serve as cautionary tales surrounding the Internet of Everything. Creating new smart devices is the trend across various industries today. Smart device adoption is also on the rise.

While this is happening, Trend Micro CTO Raimund Genes reminds to whom the task of securing the Internet of Everything falls first, “We already know that vulnerable devices are under attack by cybercriminals. For example, routers are under attack all the time, and can be quite easily compromised. We need the vendors of smart devices to realize that their products, too, can become targets.”
HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Posted in Internet of Things