‘SMART’ LIGHTBULBS REVEAL WI-FI PASSWORDS

Image: Smart Light (Youtube).

Researchers have found a way to reveal Wi-Fi passwords by hacking mobile phone controlled LED “smart” lights.

White-hat hackers with the UK-based security firm Context released their findings this week after successfully obtaining Wi-Fi credentials from 30 meters away.The LIFX lightbulb, yet another addition to the “Internet of things,” allows a user to remotely change a network-connected bulb’s color and strength from a computer or cell phone.

“Armed with knowledge of the encryption algorithm, key, the initialization vector and an understanding of the mesh network protocol we could then inject packets into the mesh network, capture the WiFi details and decrypt the credentials, all without any prior authentication or alerting of our presence,” Context said.

The discovery highlights the inherent danger in having countless home appliances connected to the Internet – as experts predict as many as 50 such devices in the average home by 2022 . Other lights such as the Phillips Hue were successfully hacked last year as well.

“Weaknesses in a popular brand of light system controlled by computers and smartphones can be exploited by attackers to cause blackouts that are remedied only by removing the wireless device that receives the commands…” noted Ars Technica.

While LIFX has reportedly fixed their vulnerability, Phillips disagreed that theirs was an issue.

 “George Yianni, head of technology for connected lighting at Philips, told Ars the Hue lighting system was intentionally designed to grant access to any device connected to a user’s home network,” Ars Technica said.

While everyday consumers are still learning of these technologies, the roll-out has long been in the works. In 2010, Yahoo News reported on the emergence of “flickering ceiling lights” that transmit data to computers.