Security through obscurity: Smart Light bulb Exposes Wi-Fi Password

A team of British security consultants (Context) hacked their way into a private Wi-Fi network — using Lifx bulbs as the backdoor.

In a typical Lifx setup, one bulb will automatically serve as the “master,” communicating directly with your smartphone and then relaying all info to other “slave” bulbs. Context’s team was able to hack their way in by posing as a new slave bulb and tricking the master bulb into sending them Wi-Fi credentials — the last thing you want a hacker to get their hands on.

On top of that, nothing that Context did raised any red flags within the Lifx network, or on the Lifx app. There wasn’t even a notification that a new bulb was asking to join the network.

Even more alarming was the fact that the decryption protocol Lifx bulbs were using to decode these credentials was a global one. If a hacker were to get their hands on it, they’d essentially have a skeleton key capable of letting them into any network that uses Lifx bulbs.  The credentials are passed from one networked bulb to another over a mesh network powered by 6LoWPAN External Link, a wireless specification built on top of the IEEE 802.15.4 standard External Link. While the bulbs used the Advanced Encryption Standard (AES) External Link to encrypt the passwords, the underlying pre-shared key never changed, making it easy for the attacker to decipher the payload.

This underscores the futility of relying on obscurity to prevent hacking attacks.

Version 1.1 of the LIFX firmware was unavailable for downloads, making it hard for hackers to reverse engineer it and uncover the types of crypto weaknesses that exposed the Wi-Fi credentials (obscurity). The Context engineers found a way around this hurdle. They undertook the painstaking process of removing the microcontroller embedded inside each bulb and connecting different JTAG pins External Link to special debugging hardware to monitor the signals that were sent when lightbulbs were added or removed to a network. “At this point we can merrily dump the flash memory from each of the chips and start the firmware reverse engineering process,” the researchers wrote.

 

Learnings

 

  • No matter how good you obscure something, somebody will find a way to expose your secrets and exploit them
  • Don’t use obscurity. Instead
    • use proper encryption
    • don’t use default universal passwords/keys
    • change any default secret upon first usage/startup
    • use a secure storage (whenever possible)

 

Sources:

http://www.cnet.com/news/hackers-discover-security-weaknesses-within-the-lifx-smart-led/ External Link

http://arstechnica.com/security/2014/07/crypto-weakness-in-smart-led-lightbulbs-exposes-wi-fi-passwords/ External Link

 


© Copyright 2014 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since year 2000 in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close