No Image

Security through obscurity: Smart Light bulb Exposes Wi-Fi Password

A team of British security consultants (Context) hacked their way into a private Wi-Fi network — using Lifx bulbs as the backdoor. In a typical Lifx setup, one bulb will automatically serve as the “master,” communicating directly with your smartphone and then relaying all info to other “slave” bulbs. Context’s team was able to hack their way in by posing as a new slave bulb and tricking the master bulb into sending them Wi-Fi credentials — the last thing you want a hacker to get their hands on. On top of that, nothing that Context did raised any red flags within the Lifx network, or on the Lifx app. There wasn’t even a notification that a new bulb was asking to join the network. Even more alarming was the fact that the decryption protocol Lifx bulbs were using to decode these credentials was a global one. If a hacker were to get their hands on it, they’d essentially have a skeleton key capable of letting them into any network that uses Lifx bulbs.  The credentials are passed from one networked bulb to another over a mesh network powered by 6LoWPAN , a wireless specification built on top of the IEEE 802.15.4 standard . While the…

%d bloggers like this:

By continuing to use the site, you agree to the use of cookies and to its Privacy Policy more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.