Adjust mood lighting by turning an interactive wheel on your smartphone screen or set up commercial lighting for a photography shoot. Do all of this and more with a bulb that will last up to 27 years. The LED light bulb, manufactured by LFX, is a hot item in the world of the Internet of Things (IoT), which takes technology beyond the scope of desktops and laptops.
However, this “cool factor” may come with a price. In early July, researchers at Context Information Security exposed a security weakness in the light bulb, which allows a hacker to gain control of all connected light bulbs by gaining access to the master bulb.
Here’s how it works: The first bulb connects to your WiFi network with subsequent bulbs connecting to the master bulb via their own mesh network. By posing as a new bulb on the wireless network, a hacker with the proper equipment and knowledge of encryption could obtain the WiFi username and password. This can prove to be especially dangerous because once the intruder gains access to the home network, other devices could be tampered with and large amounts of data stolen.
Because of the nature of the LIFX network, a hacker must be within 25 yards of the wireless network to be successful, which does limit the ability to exploit the LED bulbs on a large scale. Nevertheless, the security vulnerability raises ongoing questions about flaws in other home-connected devices.
Researchers at Context are in regular contact with LIFX and worked quickly with the company to develop a firmware update that resolved the issue. This should serve as a lesson learned for businesses wishing to connect mission critical systems and devices. When it comes to hacking, where there’s a will, there’s usually a way.