LIFX Smart LED light bulbs can be controlled remotely by mobile devices. This convenience means a person can turn on or off all of the lights or selected lights in their home from their mobile device. There was discovered to be a security flaw in the light bulbs WiFi that allowed an attacker to steal WiFi passwords. The attacker could begin the hack once they discovered which bulb was the master bulb. From there they were able to expose the user's network configuration. LIFX utilizes a meshed network and researchers were able to inject packets into the network without any authentication. Being able to accomplish this without authentication enables them to capture WiFi details and decrypt the credentials. All of this occurs without ever being detected. The researchers did conclude that a widespread attack would not be possible because the attacker would have to be located within 30 meters of wireless range. While this is the case with LIFX, there are other wireless products on the market that have no range restrictions.
When companies are developing new products that can be used with WiFi they need to consider security vulnerabilities such as the ones that occurred with the LIFX light bulbs. As Smart homes are dubbed with being more energy efficient and this technology trend will likely continue. By doing so companies may be putting consumers at risk with such vulnerabilities.
Paganini, P. (2014, July 9). Hacking LIFX Smart LED
Light Bulbs to Steal WiFi Passwords. Retrieved July 10, 2014, from Security
Affairs:
http://securityaffairs.co/wordpress/26475/hacking/hacking-lifx-smart-led-light-bulbs-steal-wifi-passwords.html
No comments:
Post a Comment