July 8th, 2014, 18:18 PM
Smart LED light bulbs leak wi-fi passwords
Security experts have demonstrated how easy it is to hack network-enabled LED light bulbs.
Context Security released details about how it was able to hack into the wi-fi network of one brand of network-enabled bulb, and control the lights remotely.
The LIFX light bulb, which is available to buy in the UK, has network connectivity to let people turn it on and off with their smartphones.
The firm behind the bulbs has since fixed the vulnerability.
Michael Jordon, research director at Context, explained how he was able to obtain the wi-fi username and password of the household the lights were connected to.
"We bought some light bulbs and examined how they talked to each other and saw that one of the messages was about the username and password," he told the BBC.
"By posing as a new bulb joining the network we were able to get that information," he added.
"We were able to steal credentials for the wireless network, which in turn meant we could control the lights."
The LIFX project started off on crowd-funding website Kickstarter. Billing itself as the "light bulb reinvented", it brought in over 13 times its original funding target.
The master bulb receives commands from the smartphone applications and broadcasts them to all the other bulbs over a wireless mesh network.
While it had taken two experts two weeks to crack the system, the equipment they had used was cheap and readily available, said Mr Jordon.
LIFX said that it had updated its software since being notified of the vulnerability.