Use a "smart" light bulb? Another IOT problem

Tech Talk, Tech News and Tech Support (Gadgets included)
Post Reply
DEyncourt
Posts: 17403
Joined: Sun Jan 20, 2008 2:38 am

Use a "smart" light bulb? Another IOT problem

Post by DEyncourt »

"Pwn the LIFX Mini white".

Recoverable from this bulb which had been "thrown away":
Conclusion

In a very short limited amount of time, three vulnerabilities have been discovered:

• Wifi credentials of the user have been recovered (stored in plaintext into the flash memory).

• No security settings. The device is completely open (no secure boot, no debug interface disabled, no flash encryption).

• Root certificate and RSA private key have been extracted.

Personally this is the first I had ever heard about LIFX bulbs, but it does make you wonder about the others....
User avatar
obvs
Posts: 27731
Joined: Sat Jan 12, 2008 8:44 pm
Title: Socialist isn't an epithet;it's a badge.

Post by obvs »

Interesting. I was considering buying some.
User avatar
maurvir
Posts: 25365
Joined: Mon Nov 15, 2010 10:13 pm
Title: Steamed meat popsicle

Post by maurvir »

As long as you know it's hackable, the hardware still looks kind of interesting. If anything, this makes them MORE interesting in a way.

Also, keep in mind you would have to saw the things open to get to that debug port.
User avatar
Kirk
Posts: 25939
Joined: Mon Feb 04, 2008 5:09 pm
Location: SLO

Post by Kirk »

I was thinking of using wifi light switches instead. I imagine they've got a similar problem. I guess I'll wait a while for the bugs to get fixed.
DEyncourt
Posts: 17403
Joined: Sun Jan 20, 2008 2:38 am

Post by DEyncourt »

maurvir wrote: As long as you know it's hackable, the hardware still looks kind of interesting. If anything, this makes them MORE interesting in a way.

Also, keep in mind you would have to saw the things open to get to that debug port.

Sure, but this is a common "justification" for lack of security among IOT devices: "C'mon! Who is going to go through so much effort for this info?"

Some hacker WILL.
User avatar
avkills
Posts: 3127
Joined: Sun Nov 14, 2010 9:46 am
Location: Everywhere

Post by avkills »

I think the self lacing shoes (I assume via bluetooth) are more idiotic than WiFi lightbulbs.
"Killing them dead till they believe"
† The Church of Mark †
User avatar
user
Posts: 29386
Joined: Fri Jan 18, 2008 4:40 pm
Title: Stupid cockwomble

Post by user »

You are thinking as a healthy person.

There are plenty of people who have physical issues with shoelaces. Not so idiotic.
Aw, he's no fun, he fell right over.

Science is Truth for Life. In FORTRAN tongue the Answer.

...so I'm supposed to find the Shadow King from inside a daiquiri?
User avatar
dv
Posts: 30687
Joined: Wed Jan 16, 2008 3:42 pm

Post by dv »

user wrote: You are thinking as a healthy person.

There are plenty of people who have physical issues with shoelaces. Not so idiotic.


Self lacing shoes are great. The dumb part is the internet connection.
Image
User avatar
Betonhaus
Posts: 2911
Joined: Thu Aug 30, 2018 10:25 pm

Post by Betonhaus »

dv wrote:
user wrote: You are thinking as a healthy person.

There are plenty of people who have physical issues with shoelaces. Not so idiotic.


Self lacing shoes are great. The dumb part is the internet connection.

Well they're great if you're out of the house and realized you forgot to... Oh, wait.
User avatar
avkills
Posts: 3127
Joined: Sun Nov 14, 2010 9:46 am
Location: Everywhere

Post by avkills »

dv wrote:
user wrote: You are thinking as a healthy person.

There are plenty of people who have physical issues with shoelaces. Not so idiotic.


Self lacing shoes are great. The dumb part is the internet connection.


Yes, sorry I wasn't more clear. Yeah I don't have a problem with the self lacing part.
"Killing them dead till they believe"
† The Church of Mark †
Post Reply