Installing Osram Lightify smart bulbs could gift wrap your Wi-Fi password to hackers

osram smart bulbs vulnerable to hacks osram2
Like a setting out of a horror movie, a recent discovery of potential security flaws in Osram’s Lightify smart light bulbs may give hackers the ability to remotely operate a user’s lights, and even control their network, without asking for approval. Perhaps even more critical, the vulnerabilities — of which nine were found by a security researcher at Rapid7 — could also give unwanted visitors access to a home’s Wi-Fi network. Deral Heiland, the researcher who happened upon the cracks in Osram’s armor, has reportedly informed the manufacturer of the flaws, and has stated that a simple software update coming out in August should fix the problem.

Of the nine vulnerabilities found by Heiland, the one likely responsible for the bulk of the problem lies with the smart bulb’s companion application, which stores unencrypted copies of an owner’s Wi-Fi password. Because of this, hackers could easily obtain this information via the app, which would grant them access to anything connected to the Wi-Fi network. In other words, this is bad.

“This is not just about being able to manipulate the light bulbs,” said University College London cybersecurity expert, Professor Angela Sasse. “The vulnerabilities here could give somebody access to control the network itself and that’s a very serious issue. In this day and age, you would regard that as an unacceptable security flaw. It’s a well known thing that you don’t store passwords like that — it’s really elementary.”

Currently, the company says it continues to analyze potential issues with its products and that most of the flaws will likely be resolved come August. For the remaining risks — which reportedly surround the companion ZigBee Hub — the company says it’s working to find a way to develop yet another patch, though it’s uncertain what the patch would actually target.

As smart home technology continues to grow, one of the most important aspects consumers look for is a device’s built-in security. Unfortunately for Osram, until it fixes its issue of unencrypted Wi-Fi passwords, it’s likely few people will be knocking down its door to install a Lightify system.

Product Review

Glas may be gorgeous, but this spendy thermostat is no smarter than the rest

A stunning OLED screen tops the prettiest thermostat we’ve reviewed in years. But GLAS lacks the brains required to justify its premium price. Read more about it in our full review.

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.

Latest SMS breach could allow hackers access to your online accounts

A new security breach that exposed more than 26 million text messages could be a huge nightmare for users relying on two-factor authentication. Many of the SMS on the database contained security codes and account reset links.

Hacker finds Steam bug that unlocks free games, collects $20K for reporting it

Security researcher Artem Moskowsky discovered a Steam bug that allowed him to generate infinite free keys for any game. Instead of abusing the exploit, Moskowsky reported it to Valve, which gave him a $20,000 reward.

Xfinity indoor/outdoor camera zooms in on Grinch’s faces and license plates

Comcast's Xfinity Home security cameras can help the police catch Grinches who steal delivery packages from your home. The cameras use artificial intelligence to analyze moving objects and zoom in on faces at your door and license plates.
Smart Home

Airbnb hosts are offering free rooms to those displaced by California wildfires

Several thousand Airbnb hosts in California are opening their homes to help those displaced by the devastating wildfires in the state. Free accommodation is being offered to those affected through November 29.

Shop early Black Friday deals on Philips Hue products from Amazon, today only

Avoid the Black Friday hassle and shop great online deals. Amazon is offering huge discounts on refurbished Philips Hue smart lighting products to help light your home. For today only, you can grab a range of smart home tech from Amazon.
Smart Home

Here's our comparison of the Lenovo Smart Display and the JBL Link View

Looking for the right smart display? We're comparing the Lenovo Smart Display vs. JBL Link View, two excellent smart displays that are made for different audiences. Here's what you need to know about both displays and what they do.

All the Best Target Black Friday deals for 2018

The mega-retailer opens its doors to the most competitive shoppers at 6 p.m. on Thursday, November 22, and signs indicate that the retailer means business this year. We've sifted through all of the deals, from consumer electronics to small…

The Best Black Friday Deals from Best Buy in 2018

We've been hard at work assembling all the best Black Friday deals Best Buy offers in 2018 and putting them in one place to save you time and money this holiday season. From laptops to TVs, game consoles to smart speakers and much more…
Smart Home

New wireless power kit puts a charge into your smart speakers via infrared light

Wireless power technology is coming fast, and Wi-Charge is leading the innovative trend with a new wireless power kit that can transform Amazon and Google smart speakers into fully functional, wire-free devices.
Smart Home

Save Smart: The Best Black Friday Smart Home Deals

The number of Black Friday sales can be overwhelming. Here are some of the best bang-for-your-buck deals you'll find this year on the most popular smart home products on the market.

Amazon’s new trade-in and recycling programs gives your gizmos a ‘second chance’

Amazon is generating a new level of sustainability into its platform with Amazon Second Chance, a new portal that encourages consumers to trade in and recycle their old electronic devices.
Smart Home

Amazon rejoins the fight against HIV/AIDS with a (Red) second-gen Echo

Now you can rock out to U2 and give to a good cause by buying Amazon's red Echo, a limited edition of the smart speaker that also donates money to the humanitarian organization Project (Red), founded by Bono.