Smart lighting IoT devices are prone to attacks that expose households and inhabitants to discomfort but, more importantly, to mass surveillance, privacy exposure and data theft.
Bitdefender researchers analyzed the LIFX bulb, a successful crowdfunding project started in September 2012, and found it vulnerable to traffic interception. Coincidentally, the LIFX product was subjected to a hacking experiment in 2014 and was seen leaking Wi-Fi credentials through the wireless mesh network connecting the bulbs. At that time, the company announced it would provide a fix.
The vulnerabilities
The LED lighting market is booming, as lightbulbs become more feature-rich and affordable with each model.
Manufacturers are heavily focused on connecting chip-driven lighting products, making them talk to one another and
to broader networks.
The LIFX bulb is a smart LED that connects to a Wi-Fi network and allows users to control house lighting via a smartphone app. The device is fully compatible with Google Nest, Scout alarm system, Amazon Echo, Flic and other IoT devices.
The smart bulb carries a design vulnerability: an attacker can switch the device on and off five times to reset it and start the configuration process, which triggers the creation of a new hotspot.
Moreover, any control command is executed without authentication, so requests sent from an Android app installed on a different device can change lighting settings such as temperature, color, etc.
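One way a device could reject the unauthenticated commands described above, shown as an added example that is not part of the original article and is not LIFX's protocol. The packet layout, the `AuthenticatedBulb` class and the shared per-device key are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def handle_unauthenticated(packet: bytes) -> dict:
    """Behaviour the article describes: any well-formed command is applied."""
    power, hue, kelvin = struct.unpack(">BHH", packet)
    return {"power": power, "hue": hue, "kelvin": kelvin}


class AuthenticatedBulb:
    """Hypothetical bulb-side handler: needs a valid MAC and a fresh counter."""

    def __init__(self, key: bytes):
        self._key = key          # assumed per-device secret shared with the paired app
        self._last_counter = 0   # highest counter accepted so far
        self.state = {"power": 0, "hue": 0, "kelvin": 3500}

    def handle(self, packet: bytes) -> bool:
        # Constructed layout: 8-byte counter | 5-byte command | 32-byte tag
        if len(packet) != 8 + 5 + TAG_LEN:
            return False
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return False
        counter, power, hue, kelvin = struct.unpack(">QBHH", body)
        if counter <= self._last_counter:            # replayed or stale command
            return False
        self._last_counter = counter
        self.state = {"power": power, "hue": hue, "kelvin": kelvin}
        return True


def build_command(key: bytes, counter: int, power: int, hue: int, kelvin: int) -> bytes:
    """App side: serialise the command and append the HMAC tag."""
    body = struct.pack(">QBHH", counter, power, hue, kelvin)
    return body + hmac.new(key, body, hashlib.sha256).digest()
```

The MAC only helps if the key is provisioned at pairing over a channel that someone within radio range cannot read.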
During normal setup, the device creates a hotspot used by the Android app to manage initial configuration of the
device. The device asks for the username and password of the home network and once the user enters the
credentials, the bulb connects to the Internet and the hotspot is closed.
[...] discovered that a device reset can be done from a physical switch outside the user's home, for [...] the user sees that the bulb is not working, he will try to re-register it in the application. Meanwhile the [...] an identical fake hotspot by manipulating the device's MAC and SSID. The fake hotspot will appear [...]
July 08, 2015
Bitdefender has unsuccessfully tried to contact the vendor and inform them of the research findings. The attack is still possible on LIFX app version 3.3.0.1, downloaded by 50,000 users as of this writing.
Security implications
This research draws attention to the need to embed proper security in the life cycle of devices, as they still lack strong authentication mechanisms when pushed to market. It also reminds users to pay attention and conduct thorough market research before purchasing any new devices that might endanger their privacy.
Researchers from Bitdefender Labs have investigated a random selection of IoT devices (a smart LED, a Wi-Fi enabled switch, a Wi-Fi audio receiver and a smart power adapter) and will share more worrisome findings. Note: the scrutinized gadgets were chosen randomly, based on popularity, product reviews and price affordability.
This article is based on the technical information provided courtesy of Bitdefender researchers Dragos Gavrilut, Radu Basaraba and George Cabau.
All product and company names mentioned herein are for identification purposes only and are the property of, and
may be trademarks of, their respective owners.