![]() ![]() LIFX apparently confirmed the results and got Limited Results to agree to a 90-day hold before Limited Results disclosed the problems. Limited Results says he or she tried to contact LIFX about this last May, but got no response until after trying again in October. Unlike some other smart bulbs, they connect directly to a home Wi-Fi network rather than through a hub. LIFX Mini bulbs work with Amazon Alexa, Apple HomeKit and Google Assistant. "I decided to stop the investigation after that." "This device is totally open," wrote the researcher, who has also investigated Tuya and Yeelight smart bulbs.Īnd for the piece de resistance: "Root certificate and RSA private key are present into the firmware," Limited Results posted. Limited Results then checked the firmware's internal security settings and found that, well, there really weren't any. ![]() The name and WPA2 password of Limited Results' Wi-Fi network were easily found. Using standard hardware-hacking tools, Limited Results booted up the board, dumped the firmware to a computer and analyzed the code. He or she bought a LIFX Mini for 30 euros on Amazon, set it up as one normally would and then took it apart to get to the bulb's circuit board. Getting all these details was moderately difficult for Limited Results, who appears to be posting from somewhere in western Europe. MORE: How to Secure Your (Easily Hackable) Smart Home Tom's Guide has reached out to LIFX for comment, and we will update this story when we receive a reply. We're waiting to see if the hard-coded private encryption key can be used to update the firmware on more than one bulb. Smashing them up into small pieces might be better. The upshot of all this: At the very least, don't throw your dead LIFX Mini bulbs into the trash intact.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |