A lightbulb as a port of entry for a hacker to steal your wifi password? Yes! Specifically the LIFX smart lightbulbs, but it could be any smart bulb, or for that matter any other ‘smart’ thing connected to that Internet of things.
As we mentioned in our article explaining what the Internet of things is, the downside of the Internet of things is how unsecure items connected to the Internet can be, either inherently, or – and this is critical – as new exploits become available, and your “things” aren’t updated to protect against those exploits.
Specifically, in that article, we said “So, while the Internet of Things seems like a cool concept, just be sure that if they are your things, that you are able to secure them, that you know how to secure them, and that you do secure them. Every ‘thing’ in your life that is connected to the Internet can be a port of entry for hackers.”
And this is exactly what has happened with the LIFX smart bulb.
The LIFX smart lightbulb was created by Phil Bosua, and funded by a Kickstarter campaign in which Bosua raised over a million dollars.
|Get notified of new Internet Patrol articles for free!
|Or Read Internet Patrol Articles Right in Your Inbox!
as Soon as They are Published! Only $1 a Month!
Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
Now, security researchers at [Page no longer available – we have linked to the archive.org version instead] have revealed that they found a way to “inject packets into the mesh network, capture the WiFi details and decrypt the credentials, all without any prior authentication or alerting of our presence.”
Now, to be sure, these were very dedicated security researchers, and not your average hacker.
But the point is, these smartbulbs could be hacked. And while Context alerted LIFX to their discovery, a malicious hacker is not going to let the makers of a smart device know about their security flaws.
|No Paywall Here! The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?|
To their credit, LIFX immediately created a patch, and yet this still raises two very important questions:
- How many LIFX lightbulb owners will actually update their software? Before they are hacked?
- While LIFX was extremely responsive, as more and more things get added to the Internet of things, giving hackers an ever-increasing number of things connected to your wifi to attack, will all of the manufacturers of all of those things that connect to your internet be able to keep up with all of the potential security holes? And even if the manufacturers are able to keep up, will you be able to keep up?
As arstechnica’s Dan Goodin points out, “Marketers would have people believe they’re missing out unless their refrigerators, thermostats, and other traditional appliances are connected to the Internet. Yet over and over, these devices have been shown to introduce networking and privacy threats not present in non-networked iterations.”
Demonstrating once again that just because you can do something, it doesn’t mean that you necessarily should.
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!
|Get notified of new Internet Patrol articles!