



Hacking Internet Connected Light Bulbs 63
An anonymous reader writes We've been calling it for years — connect everything in your house to the internet, and people will find a way to attack it. This post provides a technical walkthrough of how internet-connected lighting systems are vulnerable to outside attacks. Quoting: "With the Contiki installed Raven network interface we were in a position to monitor and inject network traffic into the LIFX mesh network. The protocol observed appeared to be, in the most part, unencrypted. This allowed us to easily dissect the protocol, craft messages to control the light bulbs and replay arbitrary packet payloads. ... Monitoring packets captured from the mesh network whilst adding new bulbs, we were able to identify the specific packets in which the WiFi network credentials were shared among the bulbs. The on-boarding process consists of the master bulb broadcasting for new bulbs on the network. A new bulb responds to the master and then requests the WiFi details to be transferred. The master bulb then broadcasts the WiFi details, encrypted, across the mesh network. The new bulb is then added to the list of available bulbs in the LIFX smart phone application."
Re:Borg Home (Score:4, Interesting)
(disclosure: I own LIFX lightbulbs, and wrote an app that controls them)
"Smart-home" stuff is, currently, mostly toys - you have them for doing stuff that you largely don't need to do.
Some Smart-home stuff is able to go beyond the toy-stage, like intelligent control of heating, remote monitoring etc, where they can serve specific, valuable purposes.
As for "intelligent" lightbulbs? Mine are able to entertain the kids for 20 minutes (let them go amok with the app), while I worked on making my phone advice me of SMSes and emails via a brief colour-change to a bulb; this is still in the toys-stage, but slowly starts serving a purpose.
So, in view of you stating it is overkill, I'd ask whether saving on your heating bill is overkill, or whether having fun with setting lighting-levels and -colours is overkill? :)
Naturally, the answer depends on your values in life
Note: My latest suggestion for use of Smart-home equipment was to mix a LIFX lightbulb with a Doorbot (doorbell with camera and wifi), to alert a deaf person of the doorbell being used, by sending visual cues via the lightbulbs (specific colour-change).
I just read my neighbors sensors for now. (Score:2, Interesting)
No need to mess with anybody. Just read temperature sensors with home-brew receiver. It now scans the entire range and decodes multiple models of sensors. Most of the 433MHz sensors are extremely easy to decode... I see no reason why they shouldn't be. Would suck if they encrypted them. The power outlet control devices though.... why would you not encrypt that? I was able to start controlling my own 110v devices with custom receiver/transmitter in about 1 day of hacking no problem. . Should be easy to control the neighbors as well (if I were so inclined). Of course, with some elevation and more power, it would be possible to be extremely annoying. In summary, make your transmit only devices un-encrypted. Make your read/write devices encrypted.