Internet of Things – Security Risks in Smart Bulbs


Are manufacturers of internet-connected devices putting functionality over security?

The Internet of Things opens up a world of possibilities, but using interconnected devices such as smart light bulbs, smart fridges, wearables and home security systems entails some potential security risks.

Severe security flaws were found in the popular home lighting system Osram Lightify that could leave users vulnerable to potential attacks, reports ZDNet.

Security firm Rapid7 said the vulnerabilities can be used to attack home and enterprise networks and, if fully exploited, could allow an attacker to pivot into an internal network.

Rapid7 warned that one of the worst flaws could allow an attacker to “take control of a product” in order to launch attacks against a browser by allowing the injection of persistent JavaScript and web-based HTML code into the web management interface. That could lead to browser-based attacks against a user. An attacker can also identify the wireless network’s password. The devices use short, eight-character codes, which can be easily cracked within a matter of minutes or hours.

The Osram Lightify connected bulbs communicate over the ZigBee wireless protocol. The security firm said it was possible for a malicious actor to capture the ZigBee communication and replay those commands at any time to disrupt lighting services without any other form of authentication.
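The following is an added example, not code from the article, Rapid7 or Osram: a receiver-side check that defeats command replay by authenticating each frame and requiring a strictly increasing per-sender frame counter. The frame layout, the key and the truncated HMAC-SHA256 tag are assumptions chosen for illustration and are not the ZigBee wire format or its cryptographic construction.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # truncated tag length, an assumption for this illustration
HDR_LEN = 6  # sender id (2 bytes) + frame counter (4 bytes)

def seal(key: bytes, sender: int, counter: int, command: bytes) -> bytes:
    """Build a frame: sender(2) | counter(4) | command | tag(8)."""
    header = struct.pack(">HI", sender, counter)
    tag = hmac.new(key, header + command, hashlib.sha256).digest()[:TAG_LEN]
    return header + command + tag

class Receiver:
    """Accepts a frame only if it is authentic and newer than the last one seen."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = {}  # sender id -> highest accepted counter

    def accept(self, frame: bytes):
        """Return the command bytes, or None if the frame is rejected."""
        if len(frame) < HDR_LEN + TAG_LEN:
            return None  # too short to hold a header and a tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # forged or modified frame
        sender, counter = struct.unpack(">HI", body[:HDR_LEN])
        if counter <= self.last_counter.get(sender, -1):
            return None  # replayed or stale frame
        # Update state only after the tag has verified, so unauthenticated
        # frames cannot advance the counter and lock out the real sender.
        self.last_counter[sender] = counter
        return body[HDR_LEN:]

def demo():
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    bulb = Receiver(key)
    on = seal(key, 0x0001, 1, b"ON")    # constructed sample frames
    off = seal(key, 0x0001, 2, b"OFF")
    # The last two calls replay frames that were captured earlier.
    return [bulb.accept(on), bulb.accept(off), bulb.accept(on), bulb.accept(off)]

if __name__ == "__main__":
    print(demo())
```

The counter state has to survive power cycles on the receiver; if it resets to zero on reboot, previously captured frames become acceptable again.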

According to EWeek, Osram has patched most of the security flaws found, and said that the next round of patches would fix all the flaws.

It’s not the first time a smart home tech company has fallen at the first security hurdle. Smart home technology has seen an intense focus in recent months, given the explosion in the Internet of Things space. Common flaws in smart home devices will continue to allow hackers to collect data or conduct surveillance.