LIFX lightbulbs are smart bulbs that can be turned on and off by a smartphone app. The LIFX project originally started on Kickstarter – a crowd funding website that allows general members of the public to donate money towards the development of new products and designs. The project brought in over 13 times the original funding target, finally reaching the UK market. As smart as these bulbs may sound, a vulnerability was identified allowing for hackers to obtain the Wi-Fi username and password.
After examining how the lightbulbs communicate in order to work together, it was discovered that usernames and passwords were passed between them in order to turn on and off through commands sent through the app. A master bulb receives the transmissions from the smartphone and then broadcasts it across the wireless mesh network to other bulbs.
It took experts 2 weeks with cheap equipment in order to crack the system, giving them full remote control of the lighting systems. They achieved this by posing their device as a new lightbulb, allowing for it to be accepted into the network and collect every single detail shared across the devices including the wireless username and password.
The vulnerability has now been fixed with no users affected by the vulnerability discovered, although all users are advised to stay up to date with all software updates in order to maintain the most up to date performance and security fixes.
Smart devices are rapidly increasing across the globe, with many being released without full security checks being administered. Soon will be the day when every appliance in our households are voice or smartphone operated, although without trial and error across the years, is likely to hold many security issues. The best advice to take is to stick with what you know, spending those few pennies extra on well known brands opposed to cheaper online makes that are unlikely to have been tested to recommended security levels.