A security firm has exposed a critical vulnerability in an LED light bulb that could have allowed hackers to take control of it.
Context said that by gaining access to bulb manufacturer LIFX’s Wi-Fi-enabled master bulb, it was able to capture and decrypt its network configurations.
The researchers, who found vulnerabilities in other internet-connected devices, such as home storage systems, printers and baby monitors, accessed the firmware by examining the device’s embedded microcontrollers to identify the encryption mechanism in use.
They were then able to monitor packets on the mesh network and identify the specific packets that shared the encrypted network configuration among the bulbs.
Michael Jordon, research director at Context, said: "Hacking into the light bulb was certainly not trivial but would be within the capabilities of experienced cyber criminals.
"In some cases, these vulnerabilities can be overcome relatively quickly and easily as demonstrated by working with the LIFX developers. In other cases the vulnerabilities are fundamental to the design of the products.
"What is important is that these measures are built into all IoT devices from the start and if vulnerabilities are discovered, which seems to be the case with many IoT companies, they are fixed promptly before users are affected."