When considering your connected home, one of the biggest concerns is how much you’ll end up spending. Those gadgets that link to your smartphone via apps can end up costing quite a bit, but a new hack shows a vulnerability that many hadn’t thought of. In the wrong hands, this workaround could have dire consequences.
The issue was luckily brought forth by some white-hat hackers who were toying with a few connected lightbulbs. Those in question, the LIFX smart lightbulbs, are like any other connected home device; they use your WiFi signal. They can be turned off and on using a smartphone, and use a pretty standard technology for communicating.
WiFi credentials are passed along in the communication process, and use AES encryption standards. Unfortunately, the underlying key never changed, making it easy for a hacker with the right debugging hardware to identify the encryption algorithm, which they could then use to capture and decrypt the WiFi credentials. It’s like locking the deadbolt but not the doorknob — someone could push right through.
LIFX has already fixed the issue, but it serves as a warning to all connected home devices. The tried-and-true methods for securing the network may not be as good as we think, and OEMs need to do a bit more of their own work to make sure our connected doorknobs don’t unlock by someone else’s hand.
Via: Ars Technica