Researchers have found a way to reveal Wi-Fi passwords by hacking mobile phone controlled LED “smart” lights.
The LIFX lightbulb, yet another addition to the “Internet of things,” allows a user to remotely change a network-connected bulb’s color and strength from a computer or cell phone.
White-hat hackers with the UK-based security firm Context released their findings this week after successfully obtaining Wi-Fi credentials from 30 meters away.
“Armed with knowledge of the encryption algorithm, key, initialization vector and an understanding of the mesh network protocol we could then inject packets into the mesh network, capture the WiFi details and decrypt the credentials, all without any prior authentication or alerting of our presence,” Context said.
The discovery highlights the inherent danger in having countless home appliances connected to the Internet – as experts predict as many as 50 such devices in the average home by 2022 . Other lights such as the Phillips Hue were successfully hacked last year as well.
“Weaknesses in a popular brand of light system controlled by computers and smartphones can be exploited by attackers to cause blackouts that are remedied only by removing the wireless device that receives the commands…” noted Ars Technica.
While LIFX has reportedly fixed their vulnerability, Phillips disagreed that theirs was an issue.
“George Yianni, head of technology for connected lighting at Philips, told Ars the Hue lighting system was intentionally designed to grant access to any device connected to a user’s home network,” Ars Technica said.
While everyday consumers are still learning of these technologies, the roll-out has long been in the works. In 2010, Yahoo News reported on the emergence of “flickering ceiling lights” that transmit data to computers.
“The LVX system puts clusters of its light-emitting diodes, or LEDs, in a standard-sized light fixture,” the report states. “The LEDs transmit coded messages — as a series of 1s and 0s in computer speak — to special modems attached to computers.”
A 2014 New York Times report revealed how similar LED technologies have already been implemented at the Newark Airport.
“Using an array of sensors and eight video cameras around the terminal, the light fixtures are part of a new wireless network that collects and feeds data into software that can spot long lines, recognize license plates and even identify suspicious activity, sending alerts to the appropriate staff.”
Former CIA chief David Petraeus praised the flood of Internet-connected devices in 2012 at a summit for the CIA’s venture capital firm In-Q-Tel, noting the increased ability to spy on Americans.
“Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters — all connected to the next-generation internet using abundant, low-cost, and high-power computing,” Petraeus said.