Hacked Light Bulbs Can Reveal Your Wi-Fi Password

Hacked Light Bulbs Can Reveal Your Wi-Fi Password

It’s all the new craze: the connected or smart home, where at the touch of a button on your smartphone you can dim your living room lights, close the garage door, let the housekeeper into your home because she forgot her key and turn off the water should there be a leak, all while keeping a live, virtual eye on your property. But, with sophisticated technology comes risk if you aren’t vigilant in applying the latest security updates to your smart home. In fact, the latest risk involves LED light bulbs that can be hacked to change the lighting and reveal the homeowner’s Wi-Fi Internet password.

Hacked Light Bulbs Can Reveal Your Wi-Fi PasswordResearchers at Context Information Security were intrigued by LIFX light bulb systems because these LED bulbs use new wireless network protocols, operating on the 802.15.4 6 LoWPAN wireless mesh network, built upon the same base standard used by Zigbee. For the homeowner, they work just like regular light bulbs, simply screw them in; but, with LIFX, the homeowner can also control them from a downloadable smartphone app.

Context Information Security found that “LIFX’ mesh network protocol was largely unencrypted, which allowed them to easily crop messages to control the light bulbs and replay arbitrary packet payloads.” By monitoring these packets, researchers found that when new light bulbs are added, messages are transmitted from the master bulb containing Wi-Fi details. All a hacker has to do is request these details from the master bulb because no alarms were raised within the system.  

Ultimately, researchers were able to identify what encryption code there was and inject packets into the network.

LIFX has since released a firmware update in to fix the problem, but non-updated users remain unprotected.

Even though a hacker would have to be within less than 25 yards to make a hack successful, this demonstrates that the need for cyber security is expanding into our homes.

About the Author

Ginger Hill is Group Social Media Manager.

  • ONVIF is Reaching New Heights ONVIF is Reaching New Heights

    In this episode of SecurPod, Ralph C. Jensen and Leo Levit talk about the organization’s addition of GitHub and the milestone of more than 20,000 conformant products, as well as two Release Candidates. We also talk about the challenges ONVIF faced during this COVID-19 year and the biggest challenges they have faced.

Digital Edition

  • Security Today Magazine - May June 2021

    May June 2021

    Featuring:

    • Tapping into Touch-free Digital
    • Deep Learning
    • Working from Home
    • Body-worn Technology
    • A Tragic Turn of Events

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety