Installing Osram Lightify smart bulbs could gift wrap your Wi-Fi password to hackers

By Rick Stella Published July 27, 2016

Like a setting out of a horror movie, a recent discovery of potential security flaws in Osram’s Lightify smart light bulbs may give hackers the ability to remotely operate a user’s lights, and even control their network, without asking for approval. Perhaps even more critical, the vulnerabilities — of which nine were found by a security researcher at Rapid7 — could also give unwanted visitors access to a home’s Wi-Fi network. Deral Heiland, the researcher who happened upon the cracks in Osram’s armor, has reportedly informed the manufacturer of the flaws, and has stated that a simple software update coming out in August should fix the problem.

Of the nine vulnerabilities found by Heiland, the one likely responsible for the bulk of the problem lies with the smart bulb’s companion application, which stores unencrypted copies of an owner’s Wi-Fi password. Because of this, hackers could easily obtain this information via the app, which would grant them access to anything connected to the Wi-Fi network. In other words, this is bad.

Osram1 — Osram

Recommended Videos

“This is not just about being able to manipulate the light bulbs,” said University College London cybersecurity expert, Professor Angela Sasse. “The vulnerabilities here could give somebody access to control the network itself and that’s a very serious issue. In this day and age, you would regard that as an unacceptable security flaw. It’s a well known thing that you don’t store passwords like that — it’s really elementary.”

Currently, the company says it continues to analyze potential issues with its products and that most of the flaws will likely be resolved come August. For the remaining risks — which reportedly surround the companion ZigBee Hub — the company says it’s working to find a way to develop yet another patch, though it’s uncertain what the patch would actually target.

As smart home technology continues to grow, one of the most important aspects consumers look for is a device’s built-in security. Unfortunately for Osram, until it fixes its issue of unencrypted Wi-Fi passwords, it’s likely few people will be knocking down its door to install a Lightify system.

Topics

Former Digital Trends Contributor

Rick became enamored with technology the moment his parents got him an original NES for Christmas in 1991. And as they say…

Smart Home

Are smart lights bulbs worth it?

The Harth Sleep-Shift Light Bulb running next to a bed.

Smart light bulbs are among the most popular smart home devices of 2023. Offering heaps of functionality and clocking in at prices under $30, they’re an affordable way to bring smarts into your home.

But are they actually worth the investment? After all, they’re more expensive than traditional light bulbs -- and unless they do something really special, they may not be worth the hassle.

Smart Home

Nanoleaf opens preorders for its first-ever Matter smart lights

The Nanoleaf Essential lineup installed in a home theater.

After a brief showing at CES 2023, Nanoleaf’s Matter-enabled smart lighting solutions are now available for preorder. The Essentials lineup consists of both smart light bulbs and smart lightstrips -- and with full support for Matter, they should be easy to integrate into most smart homes.

Three new products are arriving this year, with the Essentials A19 Light Bulb, BR30 Light Bulb, and Essentials Lightstrip all expected to arrive before the end of April. All three work with Matter over Thread, marking the first time Nanoleaf has used the interoperability standard in a product launch. Pricing for the devices starts at $20 for a single smart bulb and goes up to $50 for the Essentials Lightstrip, positioning the lineup as a reasonably affordable way to bring Matter into your smart home.

Smart Home

Save money on your utility bills with these smart home gadgets

The Google Nest Learning Thermostat in stainless steel.

Smart home gadgets can do more than respond to voice commands or automate your household -- they can also save you money. It might require a hefty initial investment, but once your smart home is up and running, it’s not uncommon to see big reductions across most of your utility bills. If you’re looking to save a few extra bucks every month, here are some easy ways to save money with smart home devices.
Upgrade to a smart thermostat

Arguably the best way to save money on your energy bills is by switching to a smart thermostat. These come in all shapes and sizes, but your best bet is to spring for a premium model that offers advanced learning capabilities -- such as the Nest Learning Thermostat. Products in this category give you the best control of your HVAC system, as they’ll actively monitor your usage and suggest ways to be more efficient.