LIFX Smart Bulbs Vulnerable to Hacking

U.K. based research company Context Information Security has discovered a security weak point in the LIFX smart LED light bulbs. “It is clear that in the dash to get onto the IoT bandwagon, security is not being prioritized as highly as it should be in many connected devices,” said Context Research Director Michael Jordon in an article with Electronics Weekly. 

U.K. researchers discover a security vulnerability with LIFX smart bulbs. (photo courtesy of LIFX)

Startup electronics company LIFX’s LED smart bulb can be controlled by a smartphone through a wireless network. The bulbs use a wireless 802.15.4 6LoWPAN mesh network. When testing the bulbs, Context connected wires to JTAG ports on system microcontrollers TI and STM in order to understand the encryption used among the bulb network. Once connected, researchers were the able to read the encryption algorithm, key initialization vector, and mesh network protocol, according to Electronics Weekly. Researchers were able to use the information gathered to inject packets into the network undetected. 

Once notified of the security problem with the bulbs, LIFX has teamed up with Context to create a firmware patch. A key derived from Wi-Fi credentials is now used for all 6LoWPAN traffic for encryption purposes so that the bulbs can be connected through a secure network. 

 “Hacking into the light bulb was certainly not trivial but would be within the capabilities of experienced cyber criminals,” said Jordon. “In some cases, these vulnerabilities can be overcome relatively quickly and easily as demonstrated by working with the LIFX developers. In other cases the vulnerabilities are fundamental to the design of the products. What is important is that these measures are built into all IoT devices from the start and if vulnerabilities are discovered, which seems to be the case with many IoT companies, they are fixed promptly before users are affected.” 

Reach Context's blog entry for more information: Hacking into Internet Connected Bulbs

Disclaimers of Warranties
1. The website does not warrant the following:
1.1 The services from the website meets your requirement;
1.2 The accuracy, completeness, or timeliness of the service;
1.3 The accuracy, reliability of conclusions drawn from using the service;
1.4 The accuracy, completeness, or timeliness, or security of any information that you download from the website
2. The services provided by the website is intended for your reference only. The website shall be not be responsible for investment decisions, damages, or other losses resulting from use of the website or the information contained therein<
Proprietary Rights
You may not reproduce, modify, create derivative works from, display, perform, publish, distribute, disseminate, broadcast or circulate to any third party, any materials contained on the services without the express prior written consent of the website or its legal owner.
Display devices have been used for many years as a means of HMI (Human Machine Interface) to connect humans and machines interactively, and their usage are still expanding. Automotive interiors are no exception to this trend, with an increasing ... READ MORE
About LiDAR Automotive industry trends In recent years, many vehicles have been launched with ADAS (Advanced Driver Assistance Systems) as standard equipment. As the future evolves towards more automated driving, sensing around the vehicle i... READ MORE