A lightbulb as a port of entry for a hacker to steal your wifi password? Yes! Specifically the LIFX smart lightbulbs, but it could be any smart bulb, or for that matter any other ‘smart’ thing connected to that Internet of things.
As we mentioned in our article explaining what the Internet of things is, the downside of the Internet of things is how unsecure items connected to the Internet can be, either inherently, or – and this is critical – as new exploits become available, and your “things” aren’t updated to protect against those exploits.
Specifically, in that article, we said “So, while the Internet of Things seems like a cool concept, just be sure that if they are your things, that you are able to secure them, that you know how to secure them, and that you do secure them. Every ‘thing’ in your life that is connected to the Internet can be a port of entry for hackers.”
And this is exactly what has happened with the LIFX smart bulb.
The LIFX smart lightbulb was created by Phil Bosua, and funded by a Kickstarter campaign in which Bosua raised over a million dollars.
Now, security researchers at Context have revealed that they found a way to “inject packets into the mesh network, capture the WiFi details and decrypt the credentials, all without any prior authentication or alerting of our presence.”
Now, to be sure, these were very dedicated security researchers, and not your average hacker.
But the point is, these smartbulbs could be hacked. And while Context alerted LIFX to their discovery, a malicious hacker is not going to let the makers of a smart device know about their security flaws.
To their credit, LIFX immediately created a patch, and yet this still raises two very important questions:
- How many LIFX lightbulb owners will actually update their software? Before they are hacked?
- While LIFX was extremely responsive, as more and more things get added to the Internet of things, giving hackers an ever-increasing number of things connected to your wifi to attack, will all of the manufacturers of all of those things that connect to your internet be able to keep up with all of the potential security holes? And even if the manufacturers are able to keep up, will you be able to keep up?
As arstechnica’s Dan Goodin points out, “Marketers would have people believe they’re missing out unless their refrigerators, thermostats, and other traditional appliances are connected to the Internet. Yet over and over, these devices have been shown to introduce networking and privacy threats not present in non-networked iterations.”
Demonstrating once again that just because you can do something, it doesn’t mean that you necessarily should.
|Get notified of new Internet Patrol articles!