Context Information Security, a UK-based security company, has revealed that LED light bulbs can leak Wi-Fi passwords to hackers. The company, in a statement, revealed that it managed to hack into Wi-Fi-enabled LIFX light bulb and remotely control the lights.
The LIFX light bulb has network connectivity that allows it to be switched off and on using smartphones.
Research director at Context Information Security, Michael Jordon, explained to BBC how he was able to get the Wi-Fi password and username of a household that had installed the light bulb.
Jordon said that they purchased some bulbs and investigated how they communicated with each other. They found password and username among the message content exchanged.
He added that two experts took two weeks to crack the system using readily accessible and inexpensive equipment. They managed to steal the wireless network credentials by posing as a new bulb that sought to join the network. This allowed them to control the lights.
The light bulb obtains commands from the smartphone applications and transmits them to every bulb over a wireless mesh network.
LIFX, the firm behind the bulbs, has since updated its software after being notified of the vulnerability. The LIFX project began on Kickstarter, a crowd-funding website. Publicizing itself as the “light bulb reinvented”, the company made more than 13 times its original funding target.
LIFX stated that there was a possible security problem with the distribution of network configuration details on the mesh radio. However, no LIFX consumers have been affected.
“We recommend that all users need to stay updated with the most recent app and firmware updates,” LIFX said.
Everyday, objects are increasingly being connected to the network, a process called the ‘internet of things’. The possibility of a number of objects being hacked is set to increase exponentially, said research firm Gartner.
While laptops and phones have had a longer duration to correct security problems, these new devices have not learnt from the previous mistakes and are therefore easy gateways into hacking.
Brian McGuigan, Silver Spring Networks commercial director, stated that security issue was not limited to home devices as most furniture in cities are also connected to the network.
Silver Spring Networks provides networks for smart lighting and smart cities
The users in cities have minimal understanding of security so producers should be encouraged to leverage the security standards that have been utilized widely in other industries, McGuigan further noted. Cities are using the ‘internet of things’ to act as a building block though most companies providing new products are start-ups and under pressure to market their products fast, he noted.