Researchers have found a way to reveal Wi-Fi passwords by hacking mobile phone controlled LED “smart” lights.
Hackers uncover yet another “Internet of things” vulnerability
The LIFX lightbulb, yet another addition to the “Internet of things,” allows a user to remotely change a network-connected bulb’s color and strength from a computer or cell phone.
White-hat hackers with the UK-based security firm Context released their findings this week after successfully obtaining Wi-Fi credentials from 30 meters away.
“Armed with knowledge of the encryption algorithm, key, initialization vector and an understanding of the mesh network protocol we could then inject packets into the mesh network, capture the WiFi details and decrypt the credentials, all without any prior authentication or alerting of our presence,” Context said.
The discovery highlights the inherent danger in having countless home appliances connected to the Internet — as experts predict as many as 50 such devices in the average home by 2022 . Other lights such as the Phillips Hue were successfully hacked last year as well.
“Weaknesses in a popular brand of light system controlled by computers and smartphones can be exploited by attackers to cause blackouts that are remedied only by removing the wireless device that receives the commands…” noted Ars Technica.
While LIFX has reportedly fixed their vulnerability, Phillips disagreed that theirs was an issue.