WiFi connected Internet of Things (IoT) devices are always a good target for hackers to try to compromise and attack. Another device has been recently compromised – the LIFX internet connnected light bulb. LIFX was a project that began back in 2012 as a Kickstarter project. It’s now become a victim in the quest of people hacking IoT devices.
The way that the light bulbs connect to WiFi and the home network is that one bulb is deemed the master, and then the other bulbs in the home communicate through it over another simpler protocol called 6LoWPAN. If the master stops working, another bulb steps in and takes its place.
All of this sounds great, except that it means that all of the bulbs must know the WiFi authentication information or else they won’t be able to take over the job as master. In other words, the master must transmit these secrets to all of the other bulbs. And that’s where the problem comes in – LIFX has enabled this functionality in a ….. let’s say less than secure way. This means that it’s possible to grab the information necessary to breach your home network simply by grabbing and analyzing the data passed between these light bulbs.
LIFX has been made aware of this problem and has fixed it. Customers who are using these bulbs are instructed to download new firmware for them.