The smart bulb from LIFX available to buy in the UK has network connectivity to let people turn it on and off with their smartphones. Context Security hacked into the Wi-Fi network of one brand of the network-enabled bulb and controlled the lights remotely.
Michael Jordon, research director at Context, explained how he was able to obtain the Wi-Fi username and password of the household the lights were connected to.
So how were the Smart Bulbs hacked?
“We bought some light bulbs and examined how they talked to each other and saw that one of the messages was about the username and password,” he told the BBC.
“By posing as a new bulb joining the network we were able to get that information,” he added.
“We were able to steal credentials for the wireless network, which in turn meant we could control the lights.“
The LIFX smart bulb project started on the crowd-funding website Kickstarter. Billing itself as the “light bulb reinvented”, it brought in over 13 times its original funding target.
The master smart bulb receives commands from the smartphone applications and broadcasts them to all the other bulbs over a wireless mesh network.
While it had taken two experts two weeks to crack the system, the equipment they had used was cheap and readily available, said Mr. Jordon.
LIFX said that it had updated its software since being notified of the vulnerability.
The firm stated “There was a potential security issue regarding the distribution of network configuration details on the mesh radio but no LIFX users have been affected that were are aware of. As always we recommend that all users stay up-to-date with the latest firmware and app updates“
Thus the problem was patched by the firm later.
Read this article to safeguard you and your loved ones from the dangers lurking on the internet!