Smart Devices Could Expose WiFi Passwords, or Worse

John Lister's picture

Are smart devices a security risk? Security firm Rapid 7 seems to think so. According to the researchers, a range of Internet-connected light bulbs had at least nine security flaws. While the potential consequences are hardly life or death, the findings could be a blow to the concept of smart devices in the home.

Osram's Lightify range of light bulbs lets users control lighting via a smartphone or tablet app. The idea is partly to allow more precise controls, such as dimming a bulb or even changing its color, and partly to allow users to remotely access the lights. For example, if a home owner is unexpectedly delayed and will now be coming home after dusk, they can switch on the lights so the house doesn't appear unattended.

Security firm Rapid 7 has examined the technology behind the system and says that it found nine vulnerabilities. Rapid 7 then contacted Osram to warn that it would unveil its findings, and says that five of the nine flaws have already been patched. (Source: rapid7.com)

Hackers Could Remotely Control Lighting

One of the flaws (which has now been patched) deals with how users could log in to the smart light bulb account control via a web browser. The bug meant hackers could gain unauthorized access to the account and take control of the lighting.

Another problem - still unfixed - deals with the way the lighting system uses encrypted Internet data to connect with the user's device. This means that it is possible for a hacker to intercept data on the network in an unencrypted form, and potentially decrypt WiFi passwords.

WiFi Passwords Potentially Exposed

The biggest problem, which has also been patched, dealt with the iPad app for controlling the lighting system. The app had been set up to store the user's WiFi network password and SSID in plain text. That meant anyone could read this information and then gain unauthorized access to the home owner's entire network.

As a result, this could have far more serious consequences than just accessing the lighting system; once the network has been exposed, bandwidth could be stolen, other computers on the network could be accessed, and/or sensitive data could be read or possibly deleted, for example.

Osram says it will patch all remaining bugs by next month where possible, but says that some of the problems are to do with underlying wireless technology that is not in its "area of influence." (Source: zdnet.com)

What's Your Opinion?

Can you see any point in 'smart' light bulbs? Are manufacturers doing enough to maintain security on such devices? Do security concerns outweigh the convenience of Internet-connected home gadgets for you?


Comments

Dennis Faas's picture

This won't be the last we hear of smart devices having major security flaws. The fact is that a smart device is no different than any other computer or peripheral - it contains software written by human beings, and human beings are prone to error. Mix that with innovative companies trying to be the first on the market with the latest and greatest tech gadget, and you have a mashup of devices that are going to have fairly hefty bugs that could also pose severe security risks.