Skip to main content

Installing Osram Lightify smart bulbs could gift wrap your Wi-Fi password to hackers

osram smart bulbs vulnerable to hacks osram2
Like a setting out of a horror movie, a recent discovery of potential security flaws in Osram’s Lightify smart light bulbs may give hackers the ability to remotely operate a user’s lights, and even control their network, without asking for approval. Perhaps even more critical, the vulnerabilities — of which nine were found by a security researcher at Rapid7 — could also give unwanted visitors access to a home’s Wi-Fi network. Deral Heiland, the researcher who happened upon the cracks in Osram’s armor, has reportedly informed the manufacturer of the flaws, and has stated that a simple software update coming out in August should fix the problem.

Of the nine vulnerabilities found by Heiland, the one likely responsible for the bulk of the problem lies with the smart bulb’s companion application, which stores unencrypted copies of an owner’s Wi-Fi password. Because of this, hackers could easily obtain this information via the app, which would grant them access to anything connected to the Wi-Fi network. In other words, this is bad.

“This is not just about being able to manipulate the light bulbs,” said University College London cybersecurity expert, Professor Angela Sasse. “The vulnerabilities here could give somebody access to control the network itself and that’s a very serious issue. In this day and age, you would regard that as an unacceptable security flaw. It’s a well known thing that you don’t store passwords like that — it’s really elementary.”

Currently, the company says it continues to analyze potential issues with its products and that most of the flaws will likely be resolved come August. For the remaining risks — which reportedly surround the companion ZigBee Hub — the company says it’s working to find a way to develop yet another patch, though it’s uncertain what the patch would actually target.

As smart home technology continues to grow, one of the most important aspects consumers look for is a device’s built-in security. Unfortunately for Osram, until it fixes its issue of unencrypted Wi-Fi passwords, it’s likely few people will be knocking down its door to install a Lightify system.

Editors' Recommendations

Rick Stella
Former Digital Trends Contributor
Rick became enamored with technology the moment his parents got him an original NES for Christmas in 1991. And as they say…
Smart homes without Wi-Fi: Huge possibilities or roadblocks?
Amazon Echo Show 15 hanging horizontally on the wall.

When it comes to smart home automations, there really isn't much that can't be done these days. From the moment you wake in the morning to the final minutes before bed, by issuance of a few simple voice commands, you can check your daily schedule, raise and lower blinds, fire up a pot of coffee, stream news radio, lock and unlock doors, initiate a video call, and so much more.
And as product developers are continuing to roll out new and innovative features, today's leading smart home devices are getting easier to use, more efficient, and -- you guessed it -- smarter. With innovation around every turn, what could possibly be improved upon?
Our hot take: The reliance on our Wi-Fi networks to operate this equipment.

The Internet of Things and ecosystems
The vast majority of smart home devices require a web connection, which is why this class of consumer tech and its related peripherals are often referred to as Internet of Things (IoT) components. While this label can be applied to essentially any hardware that has the capability of connecting to the internet, the phrase takes on a new meaning when discussing smart devices.

Read more
Why moving your smart home could be a nightmare
Philips Hue Appear Outdoor smart light.

The smart home concept is a great thing: It allows us to automate things from lighting to temperature, make video calls while we prepare dinner, and get answers to questions instantly. In its current state, it has one fatal flaw, however: The smart home is not really meant to move.
What to know about moving smart home gadgets
Think about it: Some of us have literally dozens of devices including lights, thermostats, robot vacuums, speakers, security cameras, wireless alarm systems, and more. How would you go about removing, relocating and reconnecting all those devices to Wi-Fi in a new house if you ever need to move? On the surface, it sounds daunting.
Use of adhesives in smart home products
Some smart lighting, in particular LED strip lighting like that from LIFX, Philips Hue and Govee, attaches with adhesive tape to the underside of cabinets, the back of TVs, headboards, and even bathroom mirrors. Does that mean you can’t take it with you?

It’s possible to remove adhesive with the right product -- Goo Gone comes to mind -- but it could leave a mess behind that requires painting, patching or touch-ups and only adds to your moving checklist. In the past, I’ve used 3M Command adhesive strips as opposed to the sticky tape included on smart lights to stick them into place, and this allows easy relocation if necessary.

Read more
How smart lighting affects your health
Govee Glide wall light installed above couch on wall.

The advent of smart lighting has provided a wealth of new opportunities for tweaking personal health. The right color temperatures and timing can optimize focus during the day and ease sleep schedules at night. Let's dig into the many health factors that smart lighting touches upon.

Note: None of us here at Digital Trends are remotely close to being optometrists or medical doctors. Take the advice of licensed professionals before making big health choices. 
How does lighting affect sleep?

Read more