Please create an account to participate in the Slashdot moderation system


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Security Hardware Hacking Network The Internet

Hacking Internet Connected Light Bulbs 63

Posted by Soulskill
from the not-a-bright-idea dept.
An anonymous reader writes We've been calling it for years — connect everything in your house to the internet, and people will find a way to attack it. This post provides a technical walkthrough of how internet-connected lighting systems are vulnerable to outside attacks. Quoting: "With the Contiki installed Raven network interface we were in a position to monitor and inject network traffic into the LIFX mesh network. The protocol observed appeared to be, in the most part, unencrypted. This allowed us to easily dissect the protocol, craft messages to control the light bulbs and replay arbitrary packet payloads. ... Monitoring packets captured from the mesh network whilst adding new bulbs, we were able to identify the specific packets in which the WiFi network credentials were shared among the bulbs. The on-boarding process consists of the master bulb broadcasting for new bulbs on the network. A new bulb responds to the master and then requests the WiFi details to be transferred. The master bulb then broadcasts the WiFi details, encrypted, across the mesh network. The new bulb is then added to the list of available bulbs in the LIFX smart phone application."
This discussion has been archived. No new comments can be posted.

Hacking Internet Connected Light Bulbs

Comments Filter:
  • Re:Nonsense (Score:5, Informative)

    by RealGene (1025017) on Saturday July 05, 2014 @12:40AM (#47386869)
    That's the whole point of TFA. A lightbulb will hand out the WiFi credentials to anything impersonating another lightbulb.
    No need to crack WPA, just hop into the mesh network, announce that you're a lightbulb, and the keys are handed to you.
    So, your lights, thermostat, lawn-watering controller, swimming pool monitor, and eventually your TV and your refrigerator become attack surfaces that roll over just by looking at them and saying "please".

Who goeth a-borrowing goeth a-sorrowing. -- Thomas Tusser