Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Security Hardware Hacking Network The Internet

Hacking Internet Connected Light Bulbs 63

An anonymous reader writes We've been calling it for years — connect everything in your house to the internet, and people will find a way to attack it. This post provides a technical walkthrough of how internet-connected lighting systems are vulnerable to outside attacks. Quoting: "With the Contiki installed Raven network interface we were in a position to monitor and inject network traffic into the LIFX mesh network. The protocol observed appeared to be, in the most part, unencrypted. This allowed us to easily dissect the protocol, craft messages to control the light bulbs and replay arbitrary packet payloads. ... Monitoring packets captured from the mesh network whilst adding new bulbs, we were able to identify the specific packets in which the WiFi network credentials were shared among the bulbs. The on-boarding process consists of the master bulb broadcasting for new bulbs on the network. A new bulb responds to the master and then requests the WiFi details to be transferred. The master bulb then broadcasts the WiFi details, encrypted, across the mesh network. The new bulb is then added to the list of available bulbs in the LIFX smart phone application."
This discussion has been archived. No new comments can be posted.

Hacking Internet Connected Light Bulbs

Comments Filter:
  • by Anonymous Coward on Friday July 04, 2014 @05:37PM (#47385547)

    1. offer some snazy new product that really isn't better than the current product
    2. suck up data about the user under the guise of new cool tech features
    3. ?????????????????????
    4. PROFIT from the data

    the key here is grabbing your data. having the ability to turn your lights on over the internet or change your home's temperature or some other useless feature for crazy OCD mental people who need total control over everything is just a cover to get hands on data about you

  • Re:Borg Home (Score:5, Insightful)

    by GNious ( 953874 ) on Friday July 04, 2014 @05:52PM (#47385609)

    (disclosure: I own LIFX lightbulbs, and wrote an app that controls them)
    "Smart-home" stuff is, currently, mostly toys - you have them for doing stuff that you largely don't need to do.
    Some Smart-home stuff is able to go beyond the toy-stage, like intelligent control of heating, remote monitoring etc, where they can serve specific, valuable purposes.

    Intelligent lightbulbs? Mine are able to entertain the kids for 20 minutes (let them go amok with the app), while I worked on making my phone advice me of SMSes and emails via a brief colour-change to a bulb; this is still in the toys-stage, but slowly starts serving a purpose.

    So, in view of you stating it is overkill, I'd ask whether saving on your heating bill is overkill, or whether having fun with setting lighting-levels and -colours is overkill?
    Naturally, the answer depends on your values in life :)

    Note: My latest suggestion for use of Smart-home equipment was to mix a LIFX lightbulb with a Doorbot (doorbell with camera and wifi), to alert a deaf person of the doorbell being used, by sending visual cues via the lightbulbs (specific colour-change).

  • by Anonymous Coward on Friday July 04, 2014 @06:13PM (#47385693)

    I see what you're saying, but I just don't know if that's how things will turn out in the long term, or even in the medium term.

    Just look at cell phones, for crying out loud. I went to get a new phone a few weeks ago, and even the cheapest minimalist phones my telecom provider was offering had cameras and GPS built in, along with the microphone that's obviously needed since it's a phone, and Internet capabilities. Even their shittiest low end clamshell phone had these features, and that phone was retailing for $15 without any sort of discount or subsidy! I couldn't get a plain old cell phone that was just a phone. They didn't offer them!

    If a phone with all of those features costs under $20 today, I can totally see such things being way cheaper in the near future, and then ending up even in something as simple as a light bulb soon enough after that. Maybe the light bulb vendor will only want a board with wireless Internet on it, but in order to get just that it ends up being cheaper to get integrated components that have everything included. So now your IoT light bulb not only has Internet access but it also has a camera, a microphone, GPS and other sensors, even if it doesn't use any of them.

    Then all it takes is a crafty neighbor to use his electronics skills and his Linux skills and his C skills to whip up a device that can control my light bulbs and their unused functionality. Now the camera that wasn't being used is controlled by him, while he sits in his mother's basement watching me as a wash my groin in the shower. He might even pleasure himself while he watches me shower. I find that to be a repulsive idea.

    This is the future we're facing. I don't like it one bit!

  • by MMC Monster ( 602931 ) on Saturday July 05, 2014 @07:04AM (#47387553)

    #1 - You're not that interesting.

    #2 - Connected devices can have interesting power management solutions. It's not just adjusting the home temperature when it figures out no one's going to be home for 8 hours. What about adjusting when the fridge uses the most power during times when electricity is the cheapest? Or sending you a text message if the motion detectors go off but your car is not in the driveway/garage? Or have lights go on just after dusk (regardless of time of year) and go out at a random time between 10 and 11pm (unless motion suggests people are home)?

    The upfront cost of these devices are a bit more. To be absorbed by early adopters, of course. But when the prices come down and the kinks straightened out, they can be quite useful.

    OnTopic: My neighbor showed me the app he had on his phone to monitor his pool. It allowed him to monitor temperature, pH, turn the filter and heater on, etc. The installer gave it a default 4 digit passcode, which was apparently the same four digit passcode that every other installation had. Since the ID number of the pool was adjustable, my neighbor joked that he would sometimes log into random people's pools and flash their pool lights (and had others do it to him as well). Fortunately no one's raised the pool temperature to 90 degrees or something like that (yet).

Adding manpower to a late software project makes it later. -- F. Brooks, "The Mythical Man-Month"